vendor/pimcore/pimcore/bundles/AdminBundle/Security/Event/LogoutListener.php line 72

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under two different licenses:
  7.  * - GNU General Public License version 3 (GPLv3)
  8.  * - Pimcore Commercial License (PCL)
  9.  * Full copyright and license information is available in
  10.  * LICENSE.md which is distributed with this source code.
  11.  *
  12.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  14.  */
  16. namespace Pimcore\Bundle\AdminBundle\Security\Event;
  18. use Pimcore\Event\Admin\Login\LogoutEvent as PimcoreLogoutEvent;
  19. use Pimcore\Event\AdminEvents;
  20. use Pimcore\Model\Element\Editlock;
  21. use Pimcore\Model\User;
  22. use Pimcore\Tool\Session;
  23. use Psr\Log\LoggerAwareInterface;
  24. use Psr\Log\LoggerAwareTrait;
  25. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  26. use Symfony\Component\HttpFoundation\Cookie;
  27. use Symfony\Component\HttpFoundation\RedirectResponse;
  28. use Symfony\Component\HttpFoundation\Request;
  29. use Symfony\Component\HttpFoundation\Response;
  30. use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface;
  31. use Symfony\Component\Routing\RouterInterface;
  32. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  33. use Symfony\Component\Security\Http\Event\LogoutEvent;
  34. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  36. /**
  37.  * Handle logout. This was originally implemented as LogoutHandler, but wasn't triggered as the token was empty at call
  38.  * time in LogoutListener::handle was called. As the logout success handler is always triggered it is now implemented as
  39.  * success handler.
  40.  *
  41.  *
  42.  * @internal
  43.  */
  44. class LogoutListener implements EventSubscriberInterfaceLoggerAwareInterface
  45. {
  46.     use LoggerAwareTrait;
  48.     public static function getSubscribedEvents(): array
  49.     {
  50.         return [
  51.             LogoutEvent::class => 'onLogout',
  52.         ];
  53.     }
  55.     /**
  56.      * @param TokenStorageInterface $tokenStorage
  57.      * @param RouterInterface $router
  58.      * @param EventDispatcherInterface $eventDispatcher
  59.      */
  60.     public function __construct(
  61.         protected TokenStorageInterface $tokenStorage,
  62.         protected RouterInterface $router,
  63.         protected EventDispatcherInterface $eventDispatcher
  64.     ) {
  65.     }
  67.     /**
  68.      * @param LogoutEvent $event
  69.      *
  70.      * @return RedirectResponse|Response
  71.      */
  72.     public function onLogout(LogoutEvent $event): RedirectResponse|Response
  73.     {
  74.         $request $event->getRequest();
  76.         return $this->onLogoutSuccess($request);
  77.     }
  79.     /**
  80.      * @param Request $request
  81.      *
  82.      * @return RedirectResponse|Response
  83.      */
  84.     public function onLogoutSuccess(Request $request): RedirectResponse|Response
  85.     {
  86.         $this->logger->debug('Logging out');
  88.         $this->tokenStorage->setToken(null);
  90.         // clear open edit locks for this session
  91.         Editlock::clearSession(Session::getSessionId());
  93.         /** @var PimcoreLogoutEvent|null $event */
  94.         $event Session::useSession(function (AttributeBagInterface $adminSession) use ($request) {
  95.             $event null;
  97.             $user $adminSession->get('user');
  98.             if ($user && $user instanceof User) {
  99.                 $event = new PimcoreLogoutEvent($request$user);
  100.                 $this->eventDispatcher->dispatch($eventAdminEvents::LOGIN_LOGOUT);
  102.                 $adminSession->remove('user');
  103.             }
  105.             Session::invalidate();
  107.             return $event;
  108.         });
  110.         if ($event && $event->hasResponse()) {
  111.             $response $event->getResponse();
  112.         } else {
  113.             $response = new RedirectResponse($this->router->generate('pimcore_admin_index'));
  114.         }
  116.         // cleanup pimcore-cookies => 315554400 => strtotime('1980-01-01')
  117.         $response->headers->setCookie(new Cookie('pimcore_opentabs'null315554400));
  118.         // clear cookie -> we can't use $response->headers->clearCookie() because it doesn't allow $secure = null
  119.         $response->headers->setCookie(new Cookie('pimcore_admin_sid'null1));
  121.         if ($response instanceof RedirectResponse) {
  122.             $this->logger->debug('Logout succeeded, redirecting to ' $response->getTargetUrl());
  123.         }
  125.         return $response;
  126.     }
  127. }