Impersonation events

[DavidPetrasek]

Here it says:
"The firewall dispatches the security.switch_user event right after the impersonation is completed."

In the file vendor/symfony/security-http/SecurityEvents.php you can find this:

"The SWITCH_USER event occurs before switch to another user..."

If you look at the code below it seems to me like the user is not switched, because in the service it returns PostAuthenticationToken and I expected it to return SwitchUserToken.

public function onSwitchUser(SwitchUserEvent $event): void
    {
        $token = $event->getToken();   dump($token); // This returns SwitchUserToken
        ...
        .... later ....
        $this->someService->someMethod();
    }

The called method:

public function someMethod()
    {
        $token = $this->security->getToken();   dump($token);   // This returns PostAuthenticationToken
        if ($token instanceof SwitchUserToken) 
        {
            $impersonatorUser = $token->getOriginalToken()->getUser();
             ......
        }
    }

And, then when I visit another page which also uses someMethod, it returns SwitchUserToken as expected.

[alamirault]

You're right, event it's dispatch before token is set in TokenStorage, so using service in listener/subcriber cannot have access to the "new" token.

I created #19448 to improve wording, feel free to add suggestion

[DavidPetrasek]

The version I am using is 6.3.8.
If it's really supposed to work according to the documentation, then instead of correcting the documentation it would be probably better if someone just fixes it, so the the user is fully switched when security.switch_user event is dispatched. If so, feel free to move this issue from symfony-docs to the main symfony repo.