[Security] Dispatch an event when "logout user on change" steps in

Amrouche Hamza · Amrouche Hamza · commit 5765f695a70d · 2019-04-18T16:44:49.000+02:00
diff --git a/src/Symfony/Component/Security/Http/Event/LogoutOnChangeEvent.php b/src/Symfony/Component/Security/Http/Event/LogoutOnChangeEvent.php
@@ -0,0 +1,47 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Event;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Contracts\EventDispatcher\Event;
+
+/**
+ * @author Hamza Amrouche <hamza.simperfit@gmail.com>
+ */
+class LogoutOnChangeEvent extends Event
+{
+    private $token;
+    private $user;
+
+    public function __construct(TokenInterface $token, UserInterface $user)
+    {
+        $this->token = $token;
+        $this->user = $user;
+    }
+
+    /**
+     * @return TokenInterface The token used to refresh the user
+     */
+    public function getToken(): TokenInterface
+    {
+        return $this->token;
+    }
+
+    /**
+     * @return UserInterface The user refreshed by the provider
+     */
+    public function getUser(): UserInterface
+    {
+        return $this->user;
+    }
+}
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -28,6 +28,8 @@
 use Symfony\Component\Security\Core\Role\SwitchUserRole;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Http\Event\LogoutOnChangeEvent;
+use Symfony\Component\Security\Http\SecurityEvents;
 
 /**
  * ContextListener manages the SecurityContext persistence through a session.
@@ -186,6 +188,10 @@ protected function refreshUser(TokenInterface $token)
                         $this->logger->debug('Cannot refresh token because user has changed.', ['username' => $refreshedUser->getUsername(), 'provider' => \get_class($provider)]);
                     }
 
+                    if (null !== $this->dispatcher) {
+                        $this->dispatcher->dispatch(new LogoutOnChangeEvent($token, $refreshedUser), SecurityEvents::LOGOUT_ON_CHANGE);
+                    }
+
                     continue;
                 }
 
diff --git a/src/Symfony/Component/Security/Http/SecurityEvents.php b/src/Symfony/Component/Security/Http/SecurityEvents.php
@@ -31,4 +31,12 @@ final class SecurityEvents
      * @Event("Symfony\Component\Security\Http\Event\SwitchUserEvent")
      */
     const SWITCH_USER = 'security.switch_user';
+
+    /**
+     * The LOGOUT_ON_CHANGE event occurs when a token has been deauthenticated
+     * because of a user change.
+     *
+     * @Event("Symfony\Component\Security\Http\Event\LogoutOnChangeEvent")
+     */
+    const LOGOUT_ON_CHANGE = 'security.logout_on_change';
 }
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
@@ -32,6 +32,7 @@
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Http\Firewall\ContextListener;
+use Symfony\Component\Security\Http\SecurityEvents;
 
 class ContextListenerTest extends TestCase
 {
@@ -313,6 +314,30 @@ public function testAcceptsProvidersAsTraversable()
         $this->assertSame($refreshedUser, $tokenStorage->getToken()->getUser());
     }
 
+    public function testLogoutOnChangeEventAsBeenSent()
+    {
+        $tokenStorage = new TokenStorage();
+        $refreshedUser = new User('foobar', 'baz');
+
+        $user = new User('foo', 'bar');
+        $session = new Session(new MockArraySessionStorage());
+        $session->set('_security_context_key', serialize(new UsernamePasswordToken($user, '', 'context_key', ['ROLE_USER'])));
+
+        $request = new Request();
+        $request->setSession($session);
+        $request->cookies->set('MOCKSESSID', true);
+
+        $eventDispatcher = new EventDispatcher();
+        $eventDispatcher->addListener(SecurityEvents::LOGOUT_ON_CHANGE, function ($event) use ($refreshedUser) {
+            $this->assertEquals($event->getWrappedEvent()->getUser(), $refreshedUser);
+        });
+
+        $listener = new ContextListener($tokenStorage, [new NotSupportingUserProvider(), new SupportingUserProvider($refreshedUser)], 'context_key', null, $eventDispatcher);
+        $listener(new RequestEvent($this->getMockBuilder(HttpKernelInterface::class)->getMock(), $request, HttpKernelInterface::MASTER_REQUEST));
+
+        $this->assertNull($tokenStorage->getToken());
+    }
+
     protected function runSessionOnKernelResponse($newToken, $original = null)
     {
         $session = new Session(new MockArraySessionStorage());
