From 5611f88211a9ee8341cc8fcd52a0ca0446bc52e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnaud=20Fr=C3=A9zet?= Date: Thu, 22 Sep 2022 00:03:37 +0200 Subject: [PATCH 1/2] docs: add docs for programmatic logout --- security.rst | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/security.rst b/security.rst index c70b01d8652..5641e825742 100644 --- a/security.rst +++ b/security.rst @@ -1723,6 +1723,49 @@ Next, you need to create a route for this URL (but not a controller): That's it! By sending a user to the ``app_logout`` route (i.e. to ``/logout``) Symfony will un-authenticate the current user and redirect them. +Logout programmatically +----------------------- + +.. versionadded:: 6.2 + + The :class:`Symfony\Bundle\SecurityBundle\Security\Security ` + class was introduced in Symfony 6.2. Prior to 6.2, it was called + ``Symfony\Component\Security\Core\Security``. + +.. versionadded:: 6.2 + + The :method:`Symfony\\Bundle\\SecurityBundle\\Security\\Security::logout` + method was introduced in Symfony 6.2. + +You can logout user programmatically using the `logout()` method of the +:class:`Symfony\\Bundle\\SecurityBundle\\Security\\Security` helper. The user will be logout from the current firewall +in the request. If the current request is not behind a firewall a ``\LogicException`` will be thrown. :: + + // src/Controller/SecurityController.php + namespace App\Controller\SecurityController; + + use App\Security\Authenticator\ExampleAuthenticator; + use Symfony\Bundle\SecurityBundle\Security\Security; + + class SecurityController + { + public function someAction(Security $security): Response + { + // logout the user in on the current firewall + $response = $this->security->logout(); + + // You can also disable the csrf logout + $response = $this->security->logout(false); + + if ($response !== null) { + return $response; + } + + // Redirect to the homepage for instance + // ... + } + } + Customizing Logout ~~~~~~~~~~~~~~~~~~ From ac46df4dd4dc8514cf1f0e58f7d7e3fb3e44e104 Mon Sep 17 00:00:00 2001 From: Wouter de Jong Date: Sun, 16 Oct 2022 21:57:33 +0200 Subject: [PATCH 2/2] [#17328] Minor changes --- security.rst | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/security.rst b/security.rst index 5641e825742..13476970fef 100644 --- a/security.rst +++ b/security.rst @@ -1724,7 +1724,7 @@ That's it! By sending a user to the ``app_logout`` route (i.e. to ``/logout``) Symfony will un-authenticate the current user and redirect them. Logout programmatically ------------------------ +~~~~~~~~~~~~~~~~~~~~~~~ .. versionadded:: 6.2 @@ -1737,14 +1737,12 @@ Logout programmatically The :method:`Symfony\\Bundle\\SecurityBundle\\Security\\Security::logout` method was introduced in Symfony 6.2. -You can logout user programmatically using the `logout()` method of the -:class:`Symfony\\Bundle\\SecurityBundle\\Security\\Security` helper. The user will be logout from the current firewall -in the request. If the current request is not behind a firewall a ``\LogicException`` will be thrown. :: +You can logout user programmatically using the ``logout()`` method of the +:class:`Symfony\\Bundle\\SecurityBundle\\Security\\Security` helper:: // src/Controller/SecurityController.php namespace App\Controller\SecurityController; - use App\Security\Authenticator\ExampleAuthenticator; use Symfony\Bundle\SecurityBundle\Security\Security; class SecurityController @@ -1752,20 +1750,18 @@ in the request. If the current request is not behind a firewall a ``\LogicExcept public function someAction(Security $security): Response { // logout the user in on the current firewall - $response = $this->security->logout(); - - // You can also disable the csrf logout - $response = $this->security->logout(false); + $response = $security->logout(); - if ($response !== null) { - return $response; - } + // you can also disable the csrf logout + $response = $security->logout(false); - // Redirect to the homepage for instance - // ... + // ... return $response (if set) or e.g. redirect to the homepage } } +The user will be logout from the firewall of the request. If the request is +not behind a firewall a ``\LogicException`` will be thrown. + Customizing Logout ~~~~~~~~~~~~~~~~~~