[Security] Add a method in the security helper to ease programmatic logout (#40663)

johnkrovitch · johnkrovitch · commit 23aad7b1c10f · 2021-05-31T11:35:49.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
@@ -90,6 +90,8 @@
             ->args([service_locator([
                 'security.token_storage' => service('security.token_storage'),
                 'security.authorization_checker' => service('security.authorization_checker'),
+                'request_stack' => service('request_stack'),
+                'event_dispatcher' => service('event_dispatcher'),
             ])])
         ->alias(Security::class, 'security.helper')
 
diff --git a/src/Symfony/Component/Security/Core/Security.php b/src/Symfony/Component/Security/Core/Security.php
@@ -15,6 +15,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Event\LogoutEvent;
 
 /**
  * Helper class for commonly-needed security tasks.
@@ -69,4 +70,15 @@ public function getToken(): ?TokenInterface
     {
         return $this->container->get('security.token_storage')->getToken();
     }
+
+    /**
+     * Logout the current user automatically. Dispatch the logout event.
+     */
+    public function autoLogout(): void
+    {
+        $request = $this->container->get('request_stack')->getCurrentRequest();
+        $logoutEvent = new LogoutEvent($request, $this->container->get('security.token_storage')->getToken());
+        $this->container->get('event_dispatcher')->dispatch($logoutEvent);
+        $this->container->get('security.token_storage')->setToken();
+    }
 }
diff --git a/src/Symfony/Component/Security/Core/Tests/SecurityTest.php b/src/Symfony/Component/Security/Core/Tests/SecurityTest.php
@@ -11,14 +11,19 @@
 
 namespace Symfony\Component\Security\Core\Tests;
 
+use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Psr\Container\ContainerInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Http\Event\LogoutEvent;
+use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
 
 class SecurityTest extends TestCase
 {
@@ -85,7 +90,50 @@ public function testIsGranted()
         $this->assertTrue($security->isGranted('SOME_ATTRIBUTE', 'SOME_SUBJECT'));
     }
 
-    private function createContainer($serviceId, $serviceObject)
+    public function testAutoLogout()
+    {
+        $request = new Request();
+        $requestStack = $this->createMock(RequestStack::class);
+        $requestStack
+            ->expects($this->once())
+            ->method('getCurrentRequest')
+            ->willReturn($request)
+        ;
+
+        $token = $this->createMock(TokenInterface::class);
+        $tokenStorage = $this->createMock(TokenStorageInterface::class);
+        $tokenStorage
+            ->expects($this->once())
+            ->method('getToken')
+            ->willReturn($token)
+        ;
+        $tokenStorage
+            ->expects($this->once())
+            ->method('setToken')
+        ;
+
+        $eventDispatcher = $this->createMock(EventDispatcherInterface::class);
+        $eventDispatcher
+            ->expects($this->once())
+            ->method('dispatch')
+            ->with(new LogoutEvent($request, $token))
+        ;
+
+        $container = $this->createMock(ContainerInterface::class);
+        $container
+            ->expects($this->atLeastOnce())
+            ->method('get')
+            ->willReturnMap([
+                ['request_stack', $requestStack],
+                ['security.token_storage', $tokenStorage],
+                ['event_dispatcher', $eventDispatcher],
+            ])
+        ;
+        $security = new Security($container);
+        $security->autoLogout();
+    }
+
+    private function createContainer($serviceId, $serviceObject): MockObject
     {
         $container = $this->createMock(ContainerInterface::class);
 
