
Commit e3bd133

committed
[SecurityBundle] Link to the profile the token was (de)authenticated
1 parent d313221 commit e3bd133


2 files changed

+52
-1
lines changed


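--- a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
+++ b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -13,6 +13,7 @@
 
 use Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener;
 use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
+use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\DataCollector\DataCollector;
@@ -195,6 +196,27 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
 }
 
 $this->data['authenticators'] = $this->firewall ? $this->firewall->getAuthenticatorsInfo() : [];
+
+if ($this->data['listeners'] && !($this->data['firewall']['stateless'] ?? true)) {
+$authCookieName = "{$this->data['firewall']['name']}_auth_profile_token";
+$deauthCookieName = "{$this->data['firewall']['name']}_deauth_profile_token";
+$profileToken = $response->headers->get('X-Debug-Token');
+
+$this->data['auth_profile_token'] = $request->cookies->get($authCookieName);
+$this->data['deauth_profile_token'] = $request->cookies->get($deauthCookieName);
+
+if ($this->data['authenticated'] && !$this->data['auth_profile_token']) {
+$response->headers->setCookie(new Cookie($authCookieName, $profileToken));
+
+$this->data['deauth_profile_token'] = null;
+$response->headers->clearCookie($deauthCookieName);
+} elseif(!$this->data['authenticated'] && !$this->data['deauth_profile_token']) {
+$response->headers->setCookie(new Cookie($deauthCookieName, $profileToken));
+
+$this->data['auth_profile_token'] = null;
+$response->headers->clearCookie($authCookieName);
+}
+}
 }
 
 public function reset(): void
@@ -339,6 +361,16 @@ public function getAuthenticators(): array|Data
 return $this->data['authenticators'];
 }
 
+public function getAuthProfileToken(): string|Data|null
+{
+return $this->data['auth_profile_token'] ?? null;
+}
+
+public function getDeauthProfileToken(): string|Data|null
+{
+return $this->data['deauth_profile_token'] ?? null;
+}
+
 public function getName(): string
 {
 return 'security';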
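Review bot: The two `$request->cookies->get(...)` reads in the `collect()` hunk copy a client-supplied cookie straight into `$this->data['auth_profile_token']` and `$this->data['deauth_profile_token']`, which the panel later renders as a `_profiler` link. Anyone able to set cookies for the host therefore decides which profile the panel names as the origin, so the value is a debugging hint and not evidence of which request (de)authenticated. I would say so above the reads, e.g. `// Client-controlled cookie: a navigation hint only, never proof of which request (de)authenticated.`, and consider dropping values that are not plain strings before storing them. Separately, `} elseif(!$this->data['authenticated'] ...` is missing the space after `elseif`. `collect()` starts before this hunk, so any earlier handling of these cookies is not visible here.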

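--- a/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
@@ -181,6 +181,17 @@
 <span class="value">{{ source('@WebProfiler/Icon/' ~ (collector.authenticated ? 'yes' : 'no') ~ '.svg') }}</span>
 <span class="label">Authenticated</span>
 </div>
+
+{% if collector.authProfileToken %}
+<div class="metric">
+<span class="value">
+<a href="{{ path('_profiler', {token: collector.authProfileToken, panel: 'security'}) }}">
+{{- collector.authProfileToken -}}
+</a>
+</span>
+<span class="label">From</span>
+</div>
+{% endif %}
 </div>
 
 <table>
@@ -219,7 +230,15 @@
 </table>
 {% elseif collector.enabled %}
 <div class="empty">
-<p>There is no security token.</p>
+<p>
+There is no security token.
+{% if collector.deauthProfileToken %}
+It was removed in
+<a href="{{ path('_profiler', {token: collector.deauthProfileToken, panel: 'security'}) }}">
+{{- collector.deauthProfileToken -}}
+</a>.
+{% endif %}
+</p>
 </div>
 {% endif %}
 </div>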
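Review bot: Both new links pass `collector.authProfileToken` / `collector.deauthProfileToken` to `path('_profiler', ...)` without checking that a profile with that token still exists, and the value originates from a request cookie, so the link can be stale or point at an unrelated profile. Output safety here presumably rests on autoescaping being active for this `.html.twig` template and on `path()` encoding the parameter; a short Twig comment would make that dependency explicit, e.g. `{# token comes from a cookie: may be stale or foreign; rendered escaped, never |raw #}`. The bare label `From` would also read more clearly as something like `Authenticated in profile`.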
