Source of file LogoutListener.php
Size: 4,508 Bytes - Last Modified: 2013-07-17T08:22:21+02:00
/home/theseer/Downloads/Symfony/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 | <?php /* * This file is part of the Symfony package. * * (c) Fabien Potencier <fabien@symfony.com> * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\Security\Http\Firewall; use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\Security\Core\SecurityContextInterface; use Symfony\Component\Security\Core\Exception\LogoutException; use Symfony\Component\Security\Http\HttpUtils; use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface; use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface; /** * LogoutListener logout users. * * @author Fabien Potencier <fabien@symfony.com> */ class LogoutListener implements ListenerInterface { private $securityContext; private $options; private $handlers; private $successHandler; private $httpUtils; private $csrfProvider; /** * Constructor * * @param SecurityContextInterface $securityContext * @param HttpUtils $httpUtils An HttpUtilsInterface instance * @param LogoutSuccessHandlerInterface $successHandler A LogoutSuccessHandlerInterface instance * @param array $options An array of options to process a logout attempt * @param CsrfProviderInterface $csrfProvider A CsrfProviderInterface instance */ public function __construct(SecurityContextInterface $securityContext, HttpUtils $httpUtils, LogoutSuccessHandlerInterface $successHandler, array $options = array(), CsrfProviderInterface $csrfProvider = null) { $this->securityContext = $securityContext; $this->httpUtils = $httpUtils; $this->options = array_merge(array( 'csrf_parameter' => '_csrf_token', 'intention' => 'logout', 'logout_path' => '/logout', ), $options); $this->successHandler = $successHandler; $this->csrfProvider = $csrfProvider; $this->handlers = array(); } /** * Adds a logout handler * * @param LogoutHandlerInterface $handler */ public function addHandler(LogoutHandlerInterface $handler) { $this->handlers[] = $handler; } /** * Performs the logout if requested * * If a CsrfProviderInterface instance is available, it will be used to * validate the request. * * @param GetResponseEvent $event A GetResponseEvent instance * * @throws InvalidCsrfTokenException if the CSRF token is invalid * @throws \RuntimeException if the LogoutSuccessHandlerInterface instance does not return a response * @throws LogoutException */ public function handle(GetResponseEvent $event) { $request = $event->getRequest(); if (!$this->requiresLogout($request)) { return; } if (null !== $this->csrfProvider) { $csrfToken = $request->get($this->options['csrf_parameter'], null, true); if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) { throw new LogoutException('Invalid CSRF token.'); } } $response = $this->successHandler->onLogoutSuccess($request); if (!$response instanceof Response) { throw new \RuntimeException('Logout Success Handler did not return a Response.'); } // handle multiple logout attempts gracefully if ($token = $this->securityContext->getToken()) { foreach ($this->handlers as $handler) { $handler->logout($request, $response, $token); } } $this->securityContext->setToken(null); $event->setResponse($response); } /** * Whether this request is asking for logout. * * The default implementation only processed requests to a specific path, * but a subclass could change this to logout requests where * certain parameters is present. * * @param Request $request * * @return Boolean */ protected function requiresLogout(Request $request) { return $this->httpUtils->checkRequestPath($request, $this->options['logout_path']); } } |