[Security] Ignore target route when exiting impersonation

MatTheCat · MatTheCat · commit 878667b04451 · 2025-08-21T15:09:57.000+02:00
diff --git a/Firewall/SwitchUserListener.php b/Firewall/SwitchUserListener.php
@@ -124,7 +124,7 @@ public function authenticate(RequestEvent $event): void
         if (!$this->stateless) {
             $request->query->remove($this->usernameParameter);
             $request->server->set('QUERY_STRING', http_build_query($request->query->all(), '', '&'));
-            $response = new RedirectResponse($this->urlGenerator && $this->targetRoute ? $this->urlGenerator->generate($this->targetRoute) : $request->getUri(), 302);
+            $response = new RedirectResponse($this->urlGenerator && $this->targetRoute && self::EXIT_VALUE !== $username ? $this->urlGenerator->generate($this->targetRoute) : $request->getUri(), 302);
 
             $event->setResponse($response);
         }
diff --git a/Tests/Firewall/SwitchUserListenerTest.php b/Tests/Firewall/SwitchUserListenerTest.php
@@ -17,6 +17,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Event\RequestEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -105,6 +106,20 @@ public function testExitUserUpdatesToken()
         $this->assertSame($originalToken, $this->tokenStorage->getToken());
     }
 
+    public function testExitUserDoesNotRedirectToTargetRoute()
+    {
+        $originalToken = new UsernamePasswordToken(new InMemoryUser('username', '', []), 'key', []);
+        $this->tokenStorage->setToken(new SwitchUserToken(new InMemoryUser('username', '', ['ROLE_USER']), 'key', ['ROLE_USER'], $originalToken));
+
+        $this->request->query->set('_switch_user', SwitchUserListener::EXIT_VALUE);
+
+        $listener = new SwitchUserListener($this->tokenStorage, $this->userProvider, $this->userChecker, 'provider123', $this->accessDecisionManager, urlGenerator: $this->createMock(UrlGeneratorInterface::class), targetRoute: 'whatever');
+        $listener($this->event);
+
+        $this->assertInstanceOf(RedirectResponse::class, $this->event->getResponse());
+        $this->assertSame($this->request->getUri(), $this->event->getResponse()->getTargetUrl());
+    }
+
     public function testExitUserDispatchesEventWithRefreshedUser()
     {
         $originalUser = new InMemoryUser('username', null);

Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ public function authenticate(RequestEvent $event): void`
`124`	`124`	`if (!$this->stateless) {`
`125`	`125`	`$request->query->remove($this->usernameParameter);`
`126`	`126`	`$request->server->set('QUERY_STRING', http_build_query($request->query->all(), '', '&'));`
`127`		`- $response = new RedirectResponse($this->urlGenerator && $this->targetRoute ? $this->urlGenerator->generate($this->targetRoute) : $request->getUri(), 302);`
	`127`	`+ $response = new RedirectResponse($this->urlGenerator && $this->targetRoute && self::EXIT_VALUE !== $username ? $this->urlGenerator->generate($this->targetRoute) : $request->getUri(), 302);`
`128`	`128`
`129`	`129`	`$event->setResponse($response);`
`130`	`130`	`}`