New in Symfony 6.4: Impersonation Utilities

October 26, 2023 · Published by Avatar of Javier Eguiluz Javier Eguiluz

Symfony 6.4 is backed by:

As the creator of Symfony, SensioLabs supports companies using Symfony, with an offering encompassing consultancy, expertise, services, training, and technical assistance to ensure the success of web application development projects.
Private Packagist is a fast, reliable, and secure Composer repository for your private packages. It mirrors all your open-source dependencies for better availability and monitors them for security vulnerabilities.
Phil E. Taylor Alexandre Daubois

Contributed by
Phil E. Taylor and Alexandre Daubois in #50030 and #51804.

User impersonation is a popular Symfony security feature that allows you to log in in the application as another user without knowing their credentials. It's mostly useful to debug issues reported by your customers that you can't reproduce with your own user.

Symfony provides some Twig functions to ease working with user impersonation: impersonation_exit_path() and impersonation_exit_url(). These functions generate the relative and absolute URL that you need to browse to exit or stop the impersonation and return back to your own user.

In Symfony 6.4 we're adding new Twig functions related to impersonation. They are called impersonation_path() and impersonation_url() and they generate the relative/absolute URL needed to impersonate a user:

1
2
3
4
5
{# e.g. add this in the profile page of a user in the backend #}
<a href="{{ impersonation_path(customer.username) }}">Impersonate {{ customer.name }}</a>

{# e.g. add this in the emails sent by your customer support service #}
<a href="{{ impersonation_url(customer.username) }}">Impersonate {{ customer.name }}</a>

Using these functions is more future-proof than generating the paths/URLs manually, because the query string parameter included in them is a "magic string" that is configurable in the application.

Published in #Living on the edge

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Comments

Avatar of Philippe Gamache
Philippe Gamache said on Oct 30, 2023
Something I think should be added into the Impersonation Utilities, would be an official (and included) way to add Auditing to "Impersonation", also a way to ask autorisation for impersonalize a user. It's now more and more a legal requirement.
Avatar of Jonathan Nieto Lajo
Jonathan Nieto Lajo said on Nov 7, 2023
Very handy! Thanks!

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.