From 27749e8b5b4f186d21c9c35a4900c7c8735564ac Mon Sep 17 00:00:00 2001 From: Sergiu Popa Date: Wed, 20 Mar 2019 10:01:47 +0100 Subject: [PATCH 1/2] Clarify target path functionality Explain that target_path is set from Symfony only when the user visits a secured route which will redirect him to the login. This example is for when the user visits some public routes, then the login page. After it logs in successfully, it will be redirected to that public route. --- security/form_login_setup.rst | 52 +++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/security/form_login_setup.rst b/security/form_login_setup.rst index 08763fbfc95..8e25f984719 100644 --- a/security/form_login_setup.rst +++ b/security/form_login_setup.rst @@ -373,4 +373,56 @@ deal with this low level session variable. However, the :class:`Symfony\\Component\\Security\\Http\\Util\\TargetPathTrait` utility can be used to read (like in the example above) or set this value manually. +The only time target path is set from Symfony is when the user start the authentication flow, passing through the authentication entry point. This is done by the ExceptionListener, when the user tries to access a restricted page, and it is redirected to the login page. At that point target path is set. + +To set it on certain routes, you should implement a Listener: +.. code-block:: php + namespace App\EventListener; + + use Symfony\Component\HttpFoundation\Session\SessionInterface; + use Symfony\Component\HttpKernel\Event\GetResponseEvent; + use Symfony\Component\Security\Http\Util\TargetPathTrait; + + class RequestListener + { + use TargetPathTrait; + + /** @var SessionInterface */ + private $session; + + public function __construct(SessionInterface $session) + { + $this->session = $session; + } + + /** + * Save targetPath for non-Ajax main request. + * + * @param GetResponseEvent $event + */ + public function onKernelRequest(GetResponseEvent $event): void + { + $request = $event->getRequest(); + + if (!$event->isMasterRequest()) { + return; + } + + if ($request->isXmlHttpRequest()) { + return; + } + + $includedRoutes = ['route-1', 'route-2']; + + if (!\in_array($request->attributes->get('_route'), $includedRoutes, true)) { + return; + } + + $this->saveTargetPath($this->session, 'main', $request->getUri()); + } + } + +This listener will save the target path for the *main* firewall for the `$includedRoutes`. If a user visits `route-1` (public route), then successfully logs in, it will be redirected to that route. + + .. _`MakerBundle`: https://symfony.com/doc/current/bundles/SymfonyMakerBundle/index.html From 87eb5f071b865caa399aec55aa3ac665fd985259 Mon Sep 17 00:00:00 2001 From: Sergiu Popa Date: Wed, 20 Mar 2019 12:27:06 +0100 Subject: [PATCH 2/2] Update form_login_setup.rst --- security/form_login_setup.rst | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/security/form_login_setup.rst b/security/form_login_setup.rst index 8e25f984719..e18ce922aaa 100644 --- a/security/form_login_setup.rst +++ b/security/form_login_setup.rst @@ -373,17 +373,22 @@ deal with this low level session variable. However, the :class:`Symfony\\Component\\Security\\Http\\Util\\TargetPathTrait` utility can be used to read (like in the example above) or set this value manually. -The only time target path is set from Symfony is when the user start the authentication flow, passing through the authentication entry point. This is done by the ExceptionListener, when the user tries to access a restricted page, and it is redirected to the login page. At that point target path is set. +When the user tries to access a restricted page, it is redirected to the login page. +At that point target path is set and after a successful login, the user will +be redirected to the target path set before. + +To set it on certain public routes, you can create an Event Subscriber: -To set it on certain routes, you should implement a Listener: .. code-block:: php - namespace App\EventListener; + namespace App\EventSubscriber; + use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\HttpFoundation\Session\SessionInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; + use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\Security\Http\Util\TargetPathTrait; - class RequestListener + class RequestSubscriber implements EventSubscriberInterface { use TargetPathTrait; @@ -396,7 +401,7 @@ To set it on certain routes, you should implement a Listener: } /** - * Save targetPath for non-Ajax main request. + * Save targetPath for public routes * * @param GetResponseEvent $event */ @@ -412,7 +417,7 @@ To set it on certain routes, you should implement a Listener: return; } - $includedRoutes = ['route-1', 'route-2']; + $includedRoutes = ['some-public-route', 'another-route']; if (!\in_array($request->attributes->get('_route'), $includedRoutes, true)) { return; @@ -420,9 +425,15 @@ To set it on certain routes, you should implement a Listener: $this->saveTargetPath($this->session, 'main', $request->getUri()); } - } -This listener will save the target path for the *main* firewall for the `$includedRoutes`. If a user visits `route-1` (public route), then successfully logs in, it will be redirected to that route. + public static function getSubscribedEvents() + { + return [ + KernelEvents::REQUEST => ['onKernelRequest'] + ]; + } + } +This subscriber will save the target path for the *main* firewall for the `$includedRoutes`. If a user visits `some-public-route`, after a successful login, it will be redirected to that route. .. _`MakerBundle`: https://symfony.com/doc/current/bundles/SymfonyMakerBundle/index.html