|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
/* |
|
6
|
|
|
* This file is part of Biurad opensource projects. |
|
7
|
|
|
* |
|
8
|
|
|
* PHP version 7.4 and above required |
|
9
|
|
|
* |
|
10
|
|
|
* @author Divine Niiquaye Ibok <[email protected]> |
|
11
|
|
|
* @copyright 2019 Biurad Group (https://biurad.com/) |
|
12
|
|
|
* @license https://opensource.org/licenses/BSD-3-Clause License |
|
13
|
|
|
* |
|
14
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
15
|
|
|
* file that was distributed with this source code. |
|
16
|
|
|
* |
|
17
|
|
|
*/ |
|
18
|
|
|
|
|
19
|
|
|
namespace Biurad\Security\Handler; |
|
20
|
|
|
|
|
21
|
|
|
use Biurad\Http\Request; |
|
22
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
|
23
|
|
|
use Symfony\Component\HttpFoundation\Session\SessionInterface; |
|
24
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; |
|
25
|
|
|
use Symfony\Component\Security\Csrf\TokenStorage\ClearableTokenStorageInterface; |
|
26
|
|
|
|
|
27
|
|
|
/** |
|
28
|
|
|
* The default logout handler. |
|
29
|
|
|
* |
|
30
|
|
|
* @author Divine Niiquaye Ibok <[email protected]> |
|
31
|
|
|
*/ |
|
32
|
|
|
class LogoutHandler |
|
33
|
|
|
{ |
|
34
|
|
|
private TokenStorageInterface $tokenStorage; |
|
35
|
|
|
private ?ClearableTokenStorageInterface $csrfTokenStorage; |
|
36
|
|
|
private ?SessionInterface $session; |
|
37
|
|
|
private ?RememberMeHandler $rememberMeHandler; |
|
38
|
|
|
|
|
39
|
|
|
public function __construct( |
|
40
|
|
|
TokenStorageInterface $tokenStorage, |
|
41
|
|
|
ClearableTokenStorageInterface $csrfTokenStorage = null, |
|
42
|
|
|
RememberMeHandler $rememberMeHandler = null, |
|
43
|
|
|
SessionInterface $session = null |
|
44
|
|
|
) { |
|
45
|
|
|
$this->session = $session; |
|
46
|
|
|
$this->tokenStorage = $tokenStorage; |
|
47
|
|
|
$this->csrfTokenStorage = $csrfTokenStorage; |
|
48
|
|
|
$this->rememberMeHandler = $rememberMeHandler; |
|
49
|
|
|
} |
|
50
|
|
|
|
|
51
|
|
|
/** |
|
52
|
|
|
* Handler for: |
|
53
|
|
|
* - clearing invalidating the current session |
|
54
|
|
|
* - clearing the token storage |
|
55
|
|
|
* - clearing the CSRF token storage |
|
56
|
|
|
* - clearing the remember me cookie if needed. |
|
57
|
|
|
* |
|
58
|
|
|
* @return array<int,Cookie> The remember me clearing cookies if any. |
|
59
|
|
|
*/ |
|
60
|
|
|
public function handle(ServerRequestInterface $request): array |
|
61
|
|
|
{ |
|
62
|
|
|
$this->tokenStorage->setToken(); |
|
|
|
|
|
|
63
|
|
|
|
|
64
|
|
|
if (null !== $this->csrfTokenStorage) { |
|
65
|
|
|
$this->csrfTokenStorage->clear(); |
|
66
|
|
|
} |
|
67
|
|
|
|
|
68
|
|
|
if (null === $this->session && $request instanceof Request && $request->getRequest()->hasSession()) { |
|
69
|
|
|
$this->session = $request->getRequest()->getSession(); |
|
70
|
|
|
} |
|
71
|
|
|
|
|
72
|
|
|
if (null !== $this->session) { |
|
73
|
|
|
$this->session->invalidate(); |
|
74
|
|
|
} |
|
75
|
|
|
|
|
76
|
|
|
if (null !== $this->rememberMeHandler) { |
|
77
|
|
|
return $this->rememberMeHandler->clearRememberMeCookies($request); |
|
|
|
|
|
|
78
|
|
|
} |
|
79
|
|
|
|
|
80
|
|
|
return null !== $this->rememberMeHandler ? $this->rememberMeHandler->clearRememberMeCookies($request) : []; |
|
81
|
|
|
} |
|
82
|
|
|
} |
|
83
|
|
|
|
biurad /
php-security
Divine Niiquaye Ibok
Loading history...
This check compares calls to functions or methods with their respective definitions. If the call has less arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. Please note the @ignore annotation hint above.