[Security] Add a method in the security helper to ease programmatic logout (#40663)

johnkrovitch · johnkrovitch · commit e824ed622f47 · 2021-12-02T15:51:31.000+01:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -353,6 +353,12 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
         $container->register($firewallEventDispatcherId, EventDispatcher::class)
             ->addTag('event_dispatcher.dispatcher', ['name' => $firewallEventDispatcherId]);
 
+        $container
+            ->getDefinition('security.firewall.event_dispatcher_map')
+            ->setLazy(true)
+            ->addMethodCall('addEventDispatcher', [$id, new Reference($firewallEventDispatcherId)])
+        ;
+
         // Register listeners
         $listeners = [];
         $listenerKeys = [];
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
@@ -79,6 +79,9 @@
             ->args([service_locator([
                 'security.token_storage' => service('security.token_storage'),
                 'security.authorization_checker' => service('security.authorization_checker'),
+                'request_stack' => service('request_stack'),
+                'security.firewall.map' => service('security.firewall.map'),
+                'security.firewall.event_dispatcher_map' => service('security.firewall.event_dispatcher_map'),
             ])])
         ->alias(Security::class, 'security.helper')
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php
@@ -25,6 +25,7 @@
 use Symfony\Component\Security\Http\Firewall\ExceptionListener;
 use Symfony\Component\Security\Http\Firewall\LogoutListener;
 use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
+use Symfony\Component\Security\Http\FirewallEventDispatcherMap;
 
 return static function (ContainerConfigurator $container) {
     $container->services()
@@ -159,5 +160,7 @@
                 service('security.access_map'),
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
+
+        ->set('security.firewall.event_dispatcher_map', FirewallEventDispatcherMap::class)
     ;
 };
diff --git a/src/Symfony/Component/Security/Core/Security.php b/src/Symfony/Component/Security/Core/Security.php
@@ -15,6 +15,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Event\LogoutEvent;
 
 /**
  * Helper class for commonly-needed security tasks.
@@ -57,4 +58,23 @@ public function getToken(): ?TokenInterface
     {
         return $this->container->get('security.token_storage')->getToken();
     }
+
+    /**
+     * Logout the current user automatically. Dispatch the logout event.
+     */
+    public function logout(): void
+    {
+        $request = $this->container->get('request_stack')->getCurrentRequest();
+        $logoutEvent = new LogoutEvent($request, $this->container->get('security.token_storage')->getToken());
+
+        $firewallName = $this
+            ->container
+            ->get('security.firewall.map')
+            ->getFirewallConfig($request)
+            ->getName()
+        ;
+
+        $this->container->get('security.firewall.event_dispatcher_map')->getEventDispatcher($firewallName)->dispatch($logoutEvent);
+        $this->container->get('security.token_storage')->setToken();
+    }
 }
diff --git a/src/Symfony/Component/Security/Core/Tests/SecurityTest.php b/src/Symfony/Component/Security/Core/Tests/SecurityTest.php
@@ -11,14 +11,22 @@
 
 namespace Symfony\Component\Security\Core\Tests;
 
+use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Psr\Container\ContainerInterface;
+use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
+use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Http\Event\LogoutEvent;
+use Symfony\Component\Security\Http\FirewallEventDispatcherMapInterface;
+use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
 
 class SecurityTest extends TestCase
 {
@@ -81,7 +89,67 @@ public function testIsGranted()
         $this->assertTrue($security->isGranted('SOME_ATTRIBUTE', 'SOME_SUBJECT'));
     }
 
-    private function createContainer($serviceId, $serviceObject)
+    public function testAutoLogout()
+    {
+        $request = new Request();
+        $requestStack = $this->createMock(RequestStack::class);
+        $requestStack
+            ->expects($this->once())
+            ->method('getCurrentRequest')
+            ->willReturn($request)
+        ;
+
+        $token = $this->createMock(TokenInterface::class);
+        $tokenStorage = $this->createMock(TokenStorageInterface::class);
+        $tokenStorage
+            ->expects($this->once())
+            ->method('getToken')
+            ->willReturn($token)
+        ;
+        $tokenStorage
+            ->expects($this->once())
+            ->method('setToken')
+        ;
+
+        $eventDispatcher = $this->createMock(EventDispatcherInterface::class);
+        $eventDispatcher
+            ->expects($this->once())
+            ->method('dispatch')
+            ->with(new LogoutEvent($request, $token))
+        ;
+
+        $firewallMap = $this->createMock(FirewallMap::class);
+        $firewallConfig = new FirewallConfig('my_firewall', 'user_checker');
+        $firewallMap
+            ->expects($this->once())
+            ->method('getFirewallConfig')
+            ->willReturn($firewallConfig)
+        ;
+
+        $eventDispatcherMap = $this->createMock(FirewallEventDispatcherMapInterface::class);
+        $eventDispatcherMap
+            ->expects($this->once())
+            ->method('getEventDispatcher')
+            ->with('my_firewall')
+            ->willReturn($eventDispatcher)
+        ;
+
+        $container = $this->createMock(ContainerInterface::class);
+        $container
+            ->expects($this->atLeastOnce())
+            ->method('get')
+            ->willReturnMap([
+                ['request_stack', $requestStack],
+                ['security.token_storage', $tokenStorage],
+                ['security.firewall.map', $firewallMap],
+                ['security.firewall.event_dispatcher_map', $eventDispatcherMap],
+            ])
+        ;
+        $security = new Security($container);
+        $security->logout();
+    }
+
+    private function createContainer($serviceId, $serviceObject): MockObject
     {
         $container = $this->createMock(ContainerInterface::class);
 
diff --git a/src/Symfony/Component/Security/Http/FirewallEventDispatcherMap.php b/src/Symfony/Component/Security/Http/FirewallEventDispatcherMap.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Symfony\Component\Security\Http;
+
+use Symfony\Component\Security\Core\Exception\LogicException;
+use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
+
+class FirewallEventDispatcherMap implements FirewallEventDispatcherMapInterface
+{
+    private array $map = [];
+
+    public function addEventDispatcher(string $firewallName, EventDispatcherInterface $eventDispatcher): void
+    {
+        $this->map[$firewallName] = $eventDispatcher;
+    }
+
+    public function getEventDispatcher(string $firewallName): ?EventDispatcherInterface
+    {
+        if (array_key_exists($firewallName, $this->map)) {
+            return $this->map[$firewallName];
+        }
+
+        throw new LogicException(sprintf('The firewall "%s" does not have an event dispatcher', $firewallName));
+    }
+}
diff --git a/src/Symfony/Component/Security/Http/FirewallEventDispatcherMapInterface.php b/src/Symfony/Component/Security/Http/FirewallEventDispatcherMapInterface.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace Symfony\Component\Security\Http;
+
+use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
+
+interface FirewallEventDispatcherMapInterface
+{
+    public function getEventDispatcher(string $firewallName): ?EventDispatcherInterface;
+}
