From 31668e8acf3980994cf183c172b8a5860bf0865a Mon Sep 17 00:00:00 2001
From: Florian Thoma <florian.thoma@innoweb.com.au>
Date: Tue, 13 Jul 2021 11:45:48 +1000
Subject: [PATCH] fix: remove login marker cookie on logout

Apply suggestions from code review

Co-authored-by: Michal Kleiner <mk@011.nz>
---
 .../SessionAuthenticationHandler.php          |  4 ++++
 .../SessionAuthenticationHandlerTest.php      | 20 ++++++++++++++++++-
 .../SessionAuthenticationHandlerTest.yml      | 11 ++++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.yml

diff --git a/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php b/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php
index 1ce1eaca6..196465adf 100644
--- a/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php
+++ b/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php
@@ -113,5 +113,9 @@ class SessionAuthenticationHandler implements AuthenticationHandler
     {
         $request = $request ?: Controller::curr()->getRequest();
         $request->getSession()->destroy(true, $request);
+
+        if (Member::config()->get('login_marker_cookie')) {
+            Cookie::force_expiry(Member::config()->get('login_marker_cookie'));
+        }
     }
 }
diff --git a/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.php b/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.php
index 800e49563..def203040 100644
--- a/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.php
+++ b/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.php
@@ -4,13 +4,15 @@ namespace SilverStripe\Security\Tests\MemberAuthenticator;
 use SilverStripe\Control\Cookie;
 use SilverStripe\Control\HTTPRequest;
 use SilverStripe\Control\Session;
+use SilverStripe\Core\Config\Config;
 use SilverStripe\Dev\SapphireTest;
-
 use SilverStripe\Security\Member;
 use SilverStripe\Security\MemberAuthenticator\SessionAuthenticationHandler;
 
 class SessionAuthenticationHandlerTest extends SapphireTest
 {
+    protected static $fixture_file = 'SessionAuthenticationHandlerTest.yml';
+
     protected $usesDatabase = true;
 
     /**
@@ -58,4 +60,20 @@ class SessionAuthenticationHandlerTest extends SapphireTest
         $this->assertNotNull($matchedMember);
         $this->assertEquals($matchedMember->Email, $member->Email);
     }
+
+    public function testLoginMarkerCookie()
+    {
+        Config::modify()->set(Member::class, 'login_marker_cookie', 'sslogin');
+
+        /** @var Member $member */
+        $member = $this->objFromFixture(Member::class, 'test');
+
+        $this->logInAs($member);
+
+        $this->assertNotNull(Cookie::get('sslogin'), 'Login marker cookie is set after logging in');
+
+        $this->logOut();
+
+        $this->assertNull(Cookie::get('sslogin'), 'Login marker cookie is deleted after logging out');
+    }
 }
diff --git a/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.yml b/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.yml
new file mode 100644
index 000000000..10fbbcfb1
--- /dev/null
+++ b/tests/php/Security/MemberAuthenticator/SessionAuthenticationHandlerTest.yml
@@ -0,0 +1,11 @@
+'SilverStripe\Security\Group':
+  usergroup:
+    Title: usergroup
+    Code: usergroup
+'SilverStripe\Security\Member':
+  test:
+    FirstName: Test
+    Surname: User
+    Email: testuser@example.com
+    Password: 1nitialPassword
+    Groups: '=>SilverStripe\Security\Group.usergroup'