[Security] fixes a bug when clearing cookies on logout
parent
b685b3ab4d
commit
44b89e5ac3
@ -22,24 +22,15 @@ use Symfony\Component\HttpFoundation\Request;
|
|||||||
*/
|
*/
|
||||||
class CookieClearingLogoutHandler implements LogoutHandlerInterface
|
class CookieClearingLogoutHandler implements LogoutHandlerInterface
|
||||||
{
|
{
|
||||||
protected $cookieNames;
|
protected $cookies;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor
|
* Constructor
|
||||||
* @param array $cookieNames An array of cookie names to unset
|
* @param array $cookies An array of cookie names to unset
|
||||||
*/
|
*/
|
||||||
public function __construct(array $cookieNames)
|
public function __construct(array $cookies)
|
||||||
{
|
{
|
||||||
$this->cookieNames = $cookieNames;
|
$this->cookies = $cookies;
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the names of the cookies to unset
|
|
||||||
* @return array
|
|
||||||
*/
|
|
||||||
public function getCookieNames()
|
|
||||||
{
|
|
||||||
return $this->cookieNames;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -52,8 +43,8 @@ class CookieClearingLogoutHandler implements LogoutHandlerInterface
|
|||||||
*/
|
*/
|
||||||
public function logout(Request $request, Response $response, TokenInterface $token)
|
public function logout(Request $request, Response $response, TokenInterface $token)
|
||||||
{
|
{
|
||||||
foreach ($this->cookieNames as $cookieName) {
|
foreach ($this->cookies as $cookieName => $cookieData) {
|
||||||
$response->headers->clearCookie($cookieName);
|
$response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
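Review bot: The constructor docblock still reads `@param array $cookies An array of cookie names to unset`, but `logout()` now iterates `$cookieName => $cookieData` and reads `$cookieData['path']` and `$cookieData['domain']` unconditionally. A caller that still passes the old flat list of names would have the numeric index used as the cookie name and a string offset used as path and domain, so depending on the PHP version the loop either errors or clears the wrong cookie, and the cookie that was meant to be removed stays in the browser after logout. I would document the shape as `@param array $cookies An array of cookie names (keys) mapped to array('path' => ..., 'domain' => ...)` and reject malformed entries in the constructor, e.g. `if (!is_array($data) || !array_key_exists('path', $data) || !array_key_exists('domain', $data)) { throw new \InvalidArgumentException(...); }`. A short comment that path and domain must match the values the cookie was set with would also help, since a browser ignores a deletion whose scope differs.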
|
@ -17,22 +17,13 @@ use Symfony\Component\Security\Http\Logout\CookieClearingLogoutHandler;
|
|||||||
|
|
||||||
class CookieClearingLogoutHandlerTest extends \PHPUnit_Framework_TestCase
|
class CookieClearingLogoutHandlerTest extends \PHPUnit_Framework_TestCase
|
||||||
{
|
{
|
||||||
public function testConstructor()
|
|
||||||
{
|
|
||||||
$cookieNames = array('foo', 'foo2', 'foo3');
|
|
||||||
|
|
||||||
$handler = new CookieClearingLogoutHandler($cookieNames);
|
|
||||||
|
|
||||||
$this->assertEquals($cookieNames, $handler->getCookieNames());
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testLogout()
|
public function testLogout()
|
||||||
{
|
{
|
||||||
$request = new Request();
|
$request = new Request();
|
||||||
$response = new Response();
|
$response = new Response();
|
||||||
$token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
|
$token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
|
||||||
|
|
||||||
$handler = new CookieClearingLogoutHandler(array('foo', 'foo2'));
|
$handler = new CookieClearingLogoutHandler(array('foo' => array('path' => '/foo', 'domain' => 'foo.foo'), 'foo2' => array('path' => null, 'domain' => null)));
|
||||||
|
|
||||||
$this->assertFalse($response->headers->hasCookie('foo'));
|
$this->assertFalse($response->headers->hasCookie('foo'));
|
||||||
|
|
||||||
@ -43,10 +34,14 @@ class CookieClearingLogoutHandlerTest extends \PHPUnit_Framework_TestCase
|
|||||||
|
|
||||||
$cookie = $cookies['foo'];
|
$cookie = $cookies['foo'];
|
||||||
$this->assertEquals('foo', $cookie->getName());
|
$this->assertEquals('foo', $cookie->getName());
|
||||||
|
$this->assertEquals('/foo', $cookie->getPath());
|
||||||
|
$this->assertEquals('foo.foo', $cookie->getDomain());
|
||||||
$this->assertTrue($cookie->isCleared());
|
$this->assertTrue($cookie->isCleared());
|
||||||
|
|
||||||
$cookie = $cookies['foo2'];
|
$cookie = $cookies['foo2'];
|
||||||
$this->assertStringStartsWith('foo2', $cookie->getName());
|
$this->assertStringStartsWith('foo2', $cookie->getName());
|
||||||
|
$this->assertNull($cookie->getPath());
|
||||||
|
$this->assertNull($cookie->getDomain());
|
||||||
$this->assertTrue($cookie->isCleared());
|
$this->assertTrue($cookie->isCleared());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
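Review bot: `testLogout()` only feeds the handler entries that carry both `'path'` and `'domain'`, and with `testConstructor()` removed nothing pins what happens for an entry that lacks one of them or for the old flat list of names. Since `logout()` reads both keys unconditionally, a case such as `new CookieClearingLogoutHandler(array('foo'))` with its expected outcome asserted would keep a misconfiguration from silently leaving a cookie uncleared. The `foo2` check could also use `assertEquals('foo2', $cookie->getName())` as the `foo` check does, because `assertStringStartsWith` would accept a differently named cookie. The part of `testLogout()` between the two hunks is not visible here.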
|