Allow disabling redirect on login

jvasseur · jvasseur · commit 799d8aee065f · 2022-05-11T14:22:48.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -6,6 +6,7 @@ CHANGELOG
 
  * The `security.access_control` now accepts a `RequestMatcherInterface` under the `request_matcher` option as scope configuration
  * Display the inherited roles of the logged-in user in the Web Debug Toolbar
+ * Allow disabling the redirection on successful logout by passing `null` to the `target` option
 
 6.0
 ---
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -400,10 +400,12 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
                 'logout_path' => $firewall['logout']['path'],
             ]);
 
-            $logoutSuccessListenerId = 'security.logout.listener.default.'.$id;
-            $container->setDefinition($logoutSuccessListenerId, new ChildDefinition('security.logout.listener.default'))
-                ->replaceArgument(1, $firewall['logout']['target'])
-                ->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
+            if (null !== $firewall['logout']['target']) {
+                $logoutSuccessListenerId = 'security.logout.listener.default.'.$id;
+                $container->setDefinition($logoutSuccessListenerId, new ChildDefinition('security.logout.listener.default'))
+                    ->replaceArgument(1, $firewall['logout']['target'])
+                    ->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
+            }
 
             // add CSRF provider
             if (isset($firewall['logout']['csrf_token_generator'])) {
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -780,6 +780,25 @@ public function testConfigureCustomFirewallListener()
         $this->assertContains('custom_firewall_listener_id', $firewallListeners);
     }
 
+    public function testDisableLogoutTarget()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', [
+            'firewalls' => [
+                'main' => [
+                    'logout' => [
+                        'target' => null,
+                    ],
+                ],
+            ],
+        ]);
+
+        $container->compile();
+
+        $this->assertFalse($container->hasDefinition('security.logout.listener.default.main'));
+    }
+
     protected function getRawContainer()
     {
         $container = new ContainerBuilder();
diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json
@@ -27,7 +27,7 @@
         "symfony/password-hasher": "^5.4|^6.0",
         "symfony/security-core": "^5.4|^6.0",
         "symfony/security-csrf": "^5.4|^6.0",
-        "symfony/security-http": "^5.4|^6.0"
+        "symfony/security-http": "^5.4|^6.1"
     },
     "require-dev": {
         "doctrine/annotations": "^1.10.4",
diff --git a/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php b/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
@@ -87,13 +87,12 @@ public function authenticate(RequestEvent $event)
         $this->eventDispatcher->dispatch($logoutEvent);
 
         $response = $logoutEvent->getResponse();
-        if (!$response instanceof Response) {
-            throw new \RuntimeException('No logout listener set the Response, make sure at least the DefaultLogoutListener is registered.');
-        }
 
         $this->tokenStorage->setToken(null);
 
-        $event->setResponse($response);
+        if ($response) {
+            $event->setResponse($response);
+        }
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/LogoutListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/LogoutListenerTest.php
@@ -122,8 +122,6 @@ public function testHandleMatchedPathWithoutCsrfValidation()
 
     public function testNoResponseSet()
     {
-        $this->expectException(\RuntimeException::class);
-
         [$listener, , $httpUtils, $options] = $this->getListener();
 
         $request = new Request();
@@ -133,7 +131,11 @@ public function testNoResponseSet()
             ->with($request, $options['logout_path'])
             ->willReturn(true);
 
-        $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
+        $event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);
+
+        $listener($event);
+
+        $this->assertNull($event->getResponse());
     }
 
     /**
