
Symfony onAuthenticationSuccess did not redirect to the right page


I've set up security on one of my websites using Symfony security.

My users can only access websites if they are fully logged in. Each user can be a client or an admin.

So in my LoginFormAuthenticator I've set the redirect as follows:

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {

        $user = $token->getUser();
        if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
            if($user instanceof Employe) {
                return new RedirectResponse($this->urlGenerator->generate('Admin'));
            } else if($user instanceof Client){
                return new RedirectResponse($this->urlGenerator->generate('AccueilClient'));
            }
        }else{
            return new RedirectResponse($this->urlGenerator->generate('app_login'));
        }

    }

And the login form looks like this:

    <form method="post">
        <img class="responsive-img"
             src="{{ asset('build/assets/images/Logo_resized.[hash8].jpg') }}">

        {% if error %}
            <div class="row">
                <div class="card red">
                    <div class="card-content black-text">
                        <span class="card-content">{{ error.messageKey|trans(error.messageData, 'security') }}</span>
                    </div>
                </div>
            </div>
        {% endif %}

        {% if app.user %}
            <div class="row">
                <div class="card red">
                    <div class="card-content blue accent-1">
                        <span class="card-content"> Vous êtes déjà connecté en tant que : {{ app.user.nom }} {{ app.user.prenom }},
                            <a class="black-text" href="{{ path('redirect') }}">Accéder au site</a></span>
                    </div>
                </div>
            </div>
        {% endif %}

        <label for="inputEmail">Email</label>
        <input type="email" value="{{ last_username }}" name="email" id="inputEmail"
               class="form-control" required autofocus>
        <label for="inputPassword">Mot de passe</label>
        <input type="password" name="password" id="inputPassword" class="form-control" required>

        <input type="hidden" name="_csrf_token"
               value="{{ csrf_token('authenticate') }}"
        >

        <button class="btn btn-lg btn-primary blue_SPIE" type="submit">
            Se connecter
        </button>
    </form>

But every time I try to log in, I'm always redirected to the app_login page and not to Admin or AccueilClient. I have no idea why I'm not redirected to the right page.


Solution

  • The $targetPath = $this->getTargetPath($request->getSession(), $providerKey) condition is there to redirect the user back if they called a restricted route before. Therefore the user won't be checked.

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        $user = $token->getUser();
        if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
            return new RedirectResponse($targetPath);
        }
    
        if ($user instanceof Employe) {
            return new RedirectResponse($this->urlGenerator->generate('Admin'));
        }
    
        if($user instanceof Client) {
            return new RedirectResponse($this->urlGenerator->generate('AccueilClient'));
        }
            
        return new RedirectResponse($this->urlGenerator->generate('app_login'));
    }
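
The difference between the two versions, traced for each combination of saved target path and user type. This is an added example, not code from the question or the answer: it uses plain-PHP stand-ins instead of Symfony classes, returns route names as strings rather than calling the URL generator, and `/admin/orders` is a made-up protected URL.

```php
<?php
// Added illustration, not Symfony code: plain-PHP stand-ins for the authenticator's inputs.
// Employe and Client mirror the entity names on the page; route names are returned as
// strings instead of being passed to the URL generator.
class Employe {}
class Client {}

// Logic from the question: the role checks sit inside the "target path exists" branch.
function redirectInQuestion(?string $targetPath, object $user): ?string
{
    if ($targetPath) {
        if ($user instanceof Employe) {
            return 'Admin';
        } elseif ($user instanceof Client) {
            return 'AccueilClient';
        }
        return null; // neither type matched: no RedirectResponse is returned
    }
    return 'app_login';
}

// Logic from the answer: saved target path first, then the per-type landing page.
function redirectInAnswer(?string $targetPath, object $user): string
{
    if ($targetPath) {
        return $targetPath;
    }
    if ($user instanceof Employe) {
        return 'Admin';
    }
    if ($user instanceof Client) {
        return 'AccueilClient';
    }
    return 'app_login';
}

// Constructed cases: null = the user opened the login page directly,
// '/admin/orders' = hypothetical protected URL requested before logging in.
foreach ([null, '/admin/orders'] as $targetPath) {
    foreach ([new Employe(), new Client()] as $user) {
        printf(
            "target=%-14s user=%-8s question=%-14s answer=%s\n",
            $targetPath ?? '(none)',
            get_class($user),
            redirectInQuestion($targetPath, $user) ?? '(no response)',
            redirectInAnswer($targetPath, $user)
        );
    }
}
```

With no saved target path, the question's version sends both user types to `app_login`, which is the behaviour described in the question. The saved target path only decides where the browser is sent; whether that user may open the page is still decided by the access rules on the route.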