feature #24026 [Security] add impersonator_user to "User was reloaded" log message (gharlan)

fabpot · fabpot · commit 80ac52974297 · 2017-08-31T10:53:59.000-07:00
This PR was squashed before being merged into the 3.4 branch (closes #24026). Discussion ---------- [Security] add impersonator_user to "User was reloaded" log message | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | My main concern is this: I use the swift monolog handler to get emails for exceptions. I would like to see the impersonator in these mails. But I'm not sure, if this is a good place for the log message. Commits ------- fc44215 [Security] add impersonator_user to "User was reloaded" log message
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -23,6 +23,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -91,7 +92,10 @@ public function handle(GetResponseEvent $event)
         $token = unserialize($token);
 
         if (null !== $this->logger) {
-            $this->logger->debug('Read existing security token from the session.', array('key' => $this->sessionKey));
+            $this->logger->debug('Read existing security token from the session.', array(
+                'key' => $this->sessionKey,
+                'token_class' => is_object($token) ? get_class($token) : null,
+            ));
         }
 
         if ($token instanceof TokenInterface) {
@@ -169,7 +173,16 @@ protected function refreshUser(TokenInterface $token)
                 $token->setUser($refreshedUser);
 
                 if (null !== $this->logger) {
-                    $this->logger->debug('User was reloaded from a user provider.', array('username' => $refreshedUser->getUsername(), 'provider' => get_class($provider)));
+                    $context = array('provider' => get_class($provider), 'username' => $refreshedUser->getUsername());
+
+                    foreach ($token->getRoles() as $role) {
+                        if ($role instanceof SwitchUserRole) {
+                            $context['impersonator_username'] = $role->getSource()->getUsername();
+                            break;
+                        }
+                    }
+
+                    $this->logger->debug('User was reloaded from a user provider.', $context);
                 }
 
                 return $token;
