/
LogOutController.php
115 lines (94 loc) · 3.08 KB
/
LogOutController.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Forum\Controller;
use Flarum\Http\Exception\TokenMismatchException;
use Flarum\Http\Rememberer;
use Flarum\Http\RequestUtil;
use Flarum\Http\SessionAuthenticator;
use Flarum\Http\UrlGenerator;
use Flarum\User\Event\LoggedOut;
use Illuminate\Contracts\Events\Dispatcher;
use Illuminate\Contracts\View\Factory;
use Illuminate\Support\Arr;
use Laminas\Diactoros\Response\HtmlResponse;
use Laminas\Diactoros\Response\RedirectResponse;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface;
class LogOutController implements RequestHandlerInterface
{
/**
* @var Dispatcher
*/
protected $events;
/**
* @var SessionAuthenticator
*/
protected $authenticator;
/**
* @var Rememberer
*/
protected $rememberer;
/**
* @var Factory
*/
protected $view;
/**
* @var UrlGenerator
*/
protected $url;
/**
* @param Dispatcher $events
* @param SessionAuthenticator $authenticator
* @param Rememberer $rememberer
* @param Factory $view
* @param UrlGenerator $url
*/
public function __construct(
Dispatcher $events,
SessionAuthenticator $authenticator,
Rememberer $rememberer,
Factory $view,
UrlGenerator $url
) {
$this->events = $events;
$this->authenticator = $authenticator;
$this->rememberer = $rememberer;
$this->view = $view;
$this->url = $url;
}
/**
* @param Request $request
* @return ResponseInterface
* @throws TokenMismatchException
*/
public function handle(Request $request): ResponseInterface
{
$session = $request->getAttribute('session');
$actor = RequestUtil::getActor($request);
$url = Arr::get($request->getQueryParams(), 'return', $this->url->to('forum')->base());
// If there is no user logged in, return to the index.
if ($actor->isGuest()) {
return new RedirectResponse($url);
}
// If a valid CSRF token hasn't been provided, show a view which will
// allow the user to press a button to complete the log out process.
$csrfToken = $session->token();
if (Arr::get($request->getQueryParams(), 'token') !== $csrfToken) {
$return = Arr::get($request->getQueryParams(), 'return');
$view = $this->view->make('flarum.forum::log-out')
->with('url', $this->url->to('forum')->route('logout').'?token='.$csrfToken.($return ? '&return='.urlencode($return) : ''));
return new HtmlResponse($view->render());
}
$response = new RedirectResponse($url);
$this->authenticator->logOut($session);
$actor->accessTokens()->delete();
$this->events->dispatch(new LoggedOut($actor));
return $this->rememberer->forget($response);
}
}