2

In a Symfony 5.0 Application I have the following scenario:

An admin user is able to create new users. If a new user is created in that way I want to log out the admin redirect to the login screen and set the prefilled value in the email field to the one of the user created just before.

Currently I have a link with href="{{ path('app_logout', {email: user.email}) }}" I the SecurityController I got the default logout method defined like this

/**
 * @Route("/logout", name="app_logout")
 */
public function logout()
{
    throw new \Exception('This method can be blank - it will be intercepted by the logout key on your firewall');
}

So... how would I be able to process the "email"-parameter and pass it on to the login function to handle it there?

Improve this question
1
  • did you find a solution for this? Commented Oct 5, 2021 at 9:15

1 Answer 1

Reset to default
1

Use Dependency Injection to get the Symfony\Component\HttpFoundation\Request object, then get the email parameter from there:

/**
 * @Route("/logout", name="app_logout")
 */
public function logout(Request $request)
{
    if ($request->get('email') {
        return $this->redirectToRoute('security_login', [
            'email' => $request->get('email');
        ]);
    }
}

/**
 * @Route("/login", name="security_login")
 */
public function login(Request $request, AuthenticationUtils $authenticationUtils, TokenStorageInterface $tokenStorage)
    {
        // force logout of previous user
        $tokenStorage->setToken(null);

        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();

        $form = $this->createForm(LoginForm::class, [
            'email' => $request->get('email');
        ]);

        return $this->render('security/login.html.twig', [
            'form' => $form->createView(),
            'error' => $error,
        ]);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

yeah - but how? I have no idea on how to pass parameter to the login-function as the app_logout method (pasted in my post) is not being called by the default logout / login procedure.
You can do it the same way. See my revised answer for a suggestion. The default code is yours to modify to your needs. My code is not tested, so tweak as needed for your application.
OK. I was thinking about that too. But - won't I break the security system behaviour if I override the logout method doing nothing then redirecting? I don't expect a proper logout then...
See one more change to my answer. In the login() script, I force logout of the user with the added tokenStorage->setToken(null), and of course DI is used to inject the TokenStorageInterface to make this work.
I don't think this will break security since as you mentioned logout() is not being called natively, but since you are explicity calling the function with your link and then forcing logout of the user with the setToken(null) method, you should be good.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.