Skip to content

[Security] Dispatch an event when "logout user on change" steps in #26902

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
xabbuh opened this issue Apr 12, 2018 · 1 comment
Closed

[Security] Dispatch an event when "logout user on change" steps in #26902

xabbuh opened this issue Apr 12, 2018 · 1 comment
Labels
Feature Security

Comments

@xabbuh
Copy link
Member

xabbuh commented Apr 12, 2018
edited
Loading

Q A
Bug report? no
Feature request? yes
BC Break report? no
RFC? no
Symfony version

With the new logout on user change feature the user token is set to null when a user was changed compared to the one stored in the session. Right now we cannot hook into this step to perform some more clean up tasks like what we can do on manual logouts where we can register custom logout success handler, but we would need to manually wrap the ContextListener instead.

We should find a way to allow this kind of customisation in the ContextListener too to allow for a consistent behaviour between manual and "forced" logouts.
@linaori
Copy link
Contributor

linaori commented Apr 12, 2018
edited
Loading

Would it count as "forced" logout when the user checker denies access on a request that would've otherwise been authenticated? Nevermind, should be all good as the user-checker is during initial authentication only.

@Simperfit Simperfit mentioned this issue Apr 17, 2019
Merged
chalasr pushed a commit that referenced this issue Apr 28, 2019
feature #31138 [Security] Dispatch an event when "logout user on chan…
f24e9a4 
…ge" steps in (Simperfit)

This PR was merged into the 4.3-dev branch.

Discussion
----------

[Security] Dispatch an event when "logout user on change" steps in

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks?    | no     <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass?   | yes    <!-- please add some, will be required by reviewers -->
| Fixed tickets | #26902   <!-- #-prefixed issue number(s), if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#11450 <!-- required for new features -->

<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
 - Bug fixes must be submitted against the lowest branch where they apply
   (lowest branches are regularly merged to upper ones so they get the fixes too).
 - Features and deprecations must be submitted against the master branch.
-->

This adds a new event when the user has been changed and has been log out from the apps, it allow someone to register to this event and do something with either to token or the refreshedUser.

Commits
-------

40e4218 [Security] Dispatch an event when "logout user on change" steps in
@chalasr chalasr closed this as completed Apr 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@linaori @xabbuh @chalasr