[Security] Allow to switch user when already switching

Description

The current way this feature works, an authenticated user already impersonating another needs to exit impersonation before switching to another user. Otherwise, he'll hit:

symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php

Line 134 in 2b97a0f

    
           throw new \LogicException(sprintf('You are already switched to "%s" user.', $token->getUsername()));

First thing: I don't think a LogicException is the most suitable here, as it'll generate a 500.
Secondly, is there reasons to forbid this by default?

Then, what about allowing to configure this on the switch user listener? Different strategies might exist:

reject, with an appropriate 4XX exception
generate a response suggesting to exit & switch to the new user, out-of-the-box.
just switch, seamlessly.

Throwing a dedicated exception might allow to perform the second option in userland, but would miss an easy way to switch to the new user once exit.

Example

Could be a switch_user listener option:

security:
    firewalls:
        # [...]
        main:
            # [...]
            switch_user:
                already_switching_strategy: ~ # one of reject, confirm or switch; reject as default.

a query parameter to force switching
or the custom exception coupled with error handling in userland. Would miss a native way to exit+switch to the new user though.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions