
Commit 27d6697

committed
Fixed handling of CSRF logout error
1 parent 4f40da5 commit 27d6697


2 files changed

+14
-1
lines changed


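--- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -174,8 +174,10 @@ private function handleAccessDeniedException(GetResponseForExceptionEvent $event
 
 private function handleLogoutException(LogoutException $exception)
 {
+$event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
 if (null !== $this->logger) {
-$this->logger->info('A LogoutException was thrown.', ['exception' => $exception]);
+$this->logger->info('A LogoutException was thrown; wrapping with AccessDeniedHttpException', ['exception' => $exception]);
 }
 }
 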
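Review bot: `$event` is not in scope in handleLogoutException — the unchanged signature `private function handleLogoutException(LogoutException $exception)` declares only `$exception`, so the added `$event->setException(...)` on the first line of the body dereferences an undefined variable and will fail with a member-call-on-null error instead of converting the LogoutException into a 403. The event has to be threaded in: change the signature to `private function handleLogoutException(GetResponseForExceptionEvent $event, LogoutException $exception)` and update the dispatch in onKernelException (outside this hunk) to `return $this->handleLogoutException($event, $exception);`, mirroring the sibling handleAccessDeniedException whose signature appears in the hunk header, so no new import is needed. Since the wrapping exposes `$exception->getMessage()` as the HttpException message, a short why-comment on that line would help the next reader, e.g. `// Surface logout failures (e.g. invalid CSRF token) as a 403 so the kernel renders an error response instead of a 500`. The method is fully visible in the hunk, but its caller is not, so the call-site change is inferred from the signature rather than seen.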
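--- a/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php
@@ -160,6 +160,17 @@ public function testAccessDeniedExceptionNotFullFledged(\Exception $exception, \
 $this->assertSame(null === $eventException ? $exception : $eventException, $event->getException()->getPrevious());
 }
 
+public function testLogoutException()
+{
+$event = $this->createEvent(new LogoutException('Invalid CSRF.'));
+
+$listener = $this->createExceptionListener();
+$listener->onKernelException($event);
+
+$this->assertEquals('Forbidden', $event->getResponse()->getContent());
+$this->assertEquals(403, $event->getResponse()->getStatusCode());
+}
+
 public function getAccessDeniedExceptionProvider()
 {
 return [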