Skip to content

Clarify target path functionality #11192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Clarify target path functionality #11192

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
27749e8
Clarify target path functionality
sergiu-popa Mar 20, 2019
87eb5f0
Update form_login_setup.rst
sergiu-popa Mar 20, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions security/form_login_setup.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -373,4 +373,56 @@ deal with this low level session variable. However, the
:class:`Symfony\\Component\\Security\\Http\\Util\\TargetPathTrait` utility
can be used to read (like in the example above) or set this value manually.

The only time target path is set from Symfony is when the user start the authentication flow, passing through the authentication entry point. This is done by the ExceptionListener, when the user tries to access a restricted page, and it is redirected to the login page. At that point target path is set.

To set it on certain routes, you should implement a Listener:
.. code-block:: php
namespace App\EventListener;

use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Security\Http\Util\TargetPathTrait;

class RequestListener
{
use TargetPathTrait;

/** @var SessionInterface */
private $session;

public function __construct(SessionInterface $session)
{
$this->session = $session;
}

/**
* Save targetPath for non-Ajax main request.
*
* @param GetResponseEvent $event
*/
public function onKernelRequest(GetResponseEvent $event): void
{
$request = $event->getRequest();

if (!$event->isMasterRequest()) {
return;
}

if ($request->isXmlHttpRequest()) {
Copy link
Contributor

@dbrumann dbrumann Apr 6, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to combine both if conditions to simplify/shorten this example a bit?

if (!$event->isMasterRequest() || $request->isXmlHttpRequest()) {
    return;
}

return;
}

$includedRoutes = ['route-1', 'route-2'];

if (!\in_array($request->attributes->get('_route'), $includedRoutes, true)) {
return;
}

$this->saveTargetPath($this->session, 'main', $request->getUri());
}
}

This listener will save the target path for the *main* firewall for the `$includedRoutes`. If a user visits `route-1` (public route), then successfully logs in, it will be redirected to that route.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, is the idea that route-1 is a protected page, but it doesn’t live under the main firewall? Or is it a public page, and there’s a login form somewhere on it?

Copy link
Author

@sergiu-popa sergiu-popa Mar 20, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a public page from where you can login, and you will be redirected back to that pages. In your "language": I visit symfonycasts, then I visit /courses, and when I login, I'm back at /courses; actually SFCasts does this right now.

I had the impression that Symfony does this by default... but at least following the Login Guard Authenticator documentation, it does not.



.. _`MakerBundle`: https://symfony.com/doc/current/bundles/SymfonyMakerBundle/index.html