-
-
Notifications
You must be signed in to change notification settings - Fork 829
/
LogOutController.php
73 lines (57 loc) · 2.36 KB
/
LogOutController.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Forum\Controller;
use Flarum\Http\Rememberer;
use Flarum\Http\RequestUtil;
use Flarum\Http\SessionAuthenticator;
use Flarum\Http\UrlGenerator;
use Flarum\User\Event\LoggedOut;
use Illuminate\Contracts\Events\Dispatcher;
use Illuminate\Contracts\View\Factory;
use Illuminate\Support\Arr;
use Laminas\Diactoros\Response\HtmlResponse;
use Laminas\Diactoros\Response\RedirectResponse;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface;
class LogOutController implements RequestHandlerInterface
{
public function __construct(
protected Dispatcher $events,
protected SessionAuthenticator $authenticator,
protected Rememberer $rememberer,
protected Factory $view,
protected UrlGenerator $url
) {
}
public function handle(Request $request): ResponseInterface
{
$session = $request->getAttribute('session');
$actor = RequestUtil::getActor($request);
$url = Arr::get($request->getQueryParams(), 'return', $this->url->to('forum')->base());
// If there is no user logged in, return to the index.
if ($actor->isGuest()) {
return new RedirectResponse($url);
}
// If a valid CSRF token hasn't been provided, show a view which will
// allow the user to press a button to complete the log out process.
$csrfToken = $session->token();
if (Arr::get($request->getQueryParams(), 'token') !== $csrfToken) {
$return = Arr::get($request->getQueryParams(), 'return');
$view = $this->view->make('flarum.forum::log-out')
->with('url', $this->url->to('forum')->route('logout').'?token='.$csrfToken.($return ? '&return='.urlencode($return) : ''));
return new HtmlResponse($view->render());
}
$accessToken = $session->get('access_token');
$response = new RedirectResponse($url);
$this->authenticator->logOut($session);
$actor->accessTokens()->where('token', $accessToken)->delete();
$this->events->dispatch(new LoggedOut($actor, false));
return $this->rememberer->forget($response);
}
}