[Security] fixes a bug when clearing cookies on logout
This commit is contained in:
Johannes M. Schmitt
Fabien Potencier
parent
b685b3ab4d
commit
44b89e5ac3
@ -22,24 +22,15 @@ use Symfony\Component\HttpFoundation\Request;
|
||||
*/
|
||||
class CookieClearingLogoutHandler implements LogoutHandlerInterface
|
||||
{
|
||||
protected $cookieNames;
|
||||
protected $cookies;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
* @param array $cookieNames An array of cookie names to unset
|
||||
* @param array $cookies An array of cookie names to unset
|
||||
*/
|
||||
public function __construct(array $cookieNames)
|
||||
public function __construct(array $cookies)
|
||||
{
|
||||
$this->cookieNames = $cookieNames;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the names of the cookies to unset
|
||||
* @return array
|
||||
*/
|
||||
public function getCookieNames()
|
||||
{
|
||||
return $this->cookieNames;
|
||||
$this->cookies = $cookies;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -52,8 +43,8 @@ class CookieClearingLogoutHandler implements LogoutHandlerInterface
|
||||
*/
|
||||
public function logout(Request $request, Response $response, TokenInterface $token)
|
||||
{
|
||||
foreach ($this->cookieNames as $cookieName) {
|
||||
$response->headers->clearCookie($cookieName);
|
||||
foreach ($this->cookies as $cookieName => $cookieData) {
|
||||
$response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -17,22 +17,13 @@ use Symfony\Component\Security\Http\Logout\CookieClearingLogoutHandler;
|
||||
|
||||
class CookieClearingLogoutHandlerTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testConstructor()
|
||||
{
|
||||
$cookieNames = array('foo', 'foo2', 'foo3');
|
||||
|
||||
$handler = new CookieClearingLogoutHandler($cookieNames);
|
||||
|
||||
$this->assertEquals($cookieNames, $handler->getCookieNames());
|
||||
}
|
||||
|
||||
public function testLogout()
|
||||
{
|
||||
$request = new Request();
|
||||
$response = new Response();
|
||||
$token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
|
||||
|
||||
$handler = new CookieClearingLogoutHandler(array('foo', 'foo2'));
|
||||
$handler = new CookieClearingLogoutHandler(array('foo' => array('path' => '/foo', 'domain' => 'foo.foo'), 'foo2' => array('path' => null, 'domain' => null)));
|
||||
|
||||
$this->assertFalse($response->headers->hasCookie('foo'));
|
||||
|
||||
@ -43,10 +34,14 @@ class CookieClearingLogoutHandlerTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
$cookie = $cookies['foo'];
|
||||
$this->assertEquals('foo', $cookie->getName());
|
||||
$this->assertEquals('/foo', $cookie->getPath());
|
||||
$this->assertEquals('foo.foo', $cookie->getDomain());
|
||||
$this->assertTrue($cookie->isCleared());
|
||||
|
||||
$cookie = $cookies['foo2'];
|
||||
$this->assertStringStartsWith('foo2', $cookie->getName());
|
||||
$this->assertNull($cookie->getPath());
|
||||
$this->assertNull($cookie->getDomain());
|
||||
$this->assertTrue($cookie->isCleared());
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user