From dabff0e4d50aae778a71f2a951d6428abdaf7021 Mon Sep 17 00:00:00 2001
From: Danny Berger
Date: Fri, 14 Oct 2011 20:27:53 -0400
Subject: [PATCH] [Security] Support removing tokens from a session.

---
 .../Http/Firewall/ContextListener.php | 16 ++--
 .../Http/Firewall/ContextListenerTest.php | 81 +++++++++++++++++++
 2 files changed, 88 insertions(+), 9 deletions(-)
 create mode 100644 tests/Symfony/Tests/Component/Security/Http/Firewall/ContextListenerTest.php

diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
index 6fb77e9d60..1c9d51bf19 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -93,19 +93,17 @@ class ContextListener implements ListenerInterface
 return;
 }
 
- if (null === $token = $this->context->getToken()) {
- return;
- }
-
- if (null === $token || $token instanceof AnonymousToken) {
- return;
- }
-
 if (null !== $this->logger) {
 $this->logger->debug('Write SecurityContext in the session');
 }
 
- $event->getRequest()->getSession()->set('_security_'.$this->contextKey, serialize($token));
+ $session = $event->getRequest()->getSession();
+
+ if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) {
+ $session->remove('_security_'.$this->contextKey);
+ } else {
+ $session->set('_security_'.$this->contextKey, serialize($token));
+ }
 }
 
 /**
diff --git a/tests/Symfony/Tests/Component/Security/Http/Firewall/ContextListenerTest.php b/tests/Symfony/Tests/Component/Security/Http/Firewall/ContextListenerTest.php
new file mode 100644
index 0000000000..6837f5c1c0
--- /dev/null
+++ b/tests/Symfony/Tests/Component/Security/Http/Firewall/ContextListenerTest.php
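Review bot: The new remove branch calls `$event->getRequest()->getSession()` on every master response whose token is null or anonymous, whereas the removed early returns previously left the session untouched in exactly that case; if `getSession()` can return null for a request that carries no session, `$session->remove(...)` would then fail on precisely those unauthenticated responses, so a guard such as `if (!$event->getRequest()->hasSession()) { return; }` before the session lookup seems warranted. The debug message `Write SecurityContext in the session` is now also emitted on the remove path, which will mislead anyone tracing a logout through the logs; log `Remove SecurityContext from the session` inside the `if` branch and keep the existing message for the `else` branch. The enclosing onKernelResponse() begins before the hunk.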
@@ -0,0 +1,81 @@
+runSessionOnKernelResponse(
+ new UsernamePasswordToken('test1', 'pass1', 'phpunit'),
+ null
+ );
+
+ $token = unserialize($session->get('_security_session'));
+ $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $token);
+ $this->assertEquals('test1', $token->getUsername());
+ }
+
+ public function testOnKernelResponseWillReplaceSession()
+ {
+ $session = $this->runSessionOnKernelResponse(
+ new UsernamePasswordToken('test1', 'pass1', 'phpunit'),
+ 'C:10:"serialized"'
+ );
+
+ $token = unserialize($session->get('_security_session'));
+ $this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken', $token);
+ $this->assertEquals('test1', $token->getUsername());
+ }
+
+ public function testOnKernelResponseWillRemoveSession()
+ {
+ $session = $this->runSessionOnKernelResponse(
+ null,
+ 'C:10:"serialized"'
+ );
+
+ $this->assertFalse($session->has('_security_session'));
+ }
+
+ protected function runSessionOnKernelResponse($newToken, $original = null)
+ {
+ $session = new Session(new ArraySessionStorage());
+
+ if ($original !== null) {
+ $session->set('_security_session', $original);
+ }
+
+
+ $securityContext = new SecurityContext(
+ $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface'),
+ $this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')
+ );
+ $securityContext->setToken($newToken);
+
+ $request = new Request();
+ $request->setSession($session);
+
+ $event = new FilterResponseEvent(
+ $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
+ $request,
+ HttpKernelInterface::MASTER_REQUEST,
+ new Response()
+ );
+
+ $listener = new ContextListener($securityContext, array(), 'session');
+ $listener->onKernelResponse($event);
+
+ return $session;
+ }
+}
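Review bot: The new tests pin session removal only for a null token, while the listener change also removes the stored entry when the context holds an `AnonymousToken`, so that branch is untested; a fourth case such as `$session = $this->runSessionOnKernelResponse(new AnonymousToken('key', 'anon.'), 'C:10:"serialized"');` followed by `$this->assertFalse($session->has('_security_session'));` would cover it (the file's use block would need the AnonymousToken import). The head of this hunk — the opening PHP tag, the namespace and use statements, and the start of the first test method — is not visible in this copy of the patch, so the first test's name and its fixture cannot be checked here.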