fix: remove login marker cookie on logout

Apply suggestions from code review

Co-authored-by: Michal Kleiner <mk@011.nz>
Florian Thoma 2021-07-13 11:45:48 +10:00
parent 08028d3969
commit 31668e8acf
3 changed files with 34 additions and 1 deletions


@ -113,5 +113,9 @@ class SessionAuthenticationHandler implements AuthenticationHandler
{ {
$request = $request ?: Controller::curr()->getRequest(); $request = $request ?: Controller::curr()->getRequest();
$request->getSession()->destroy(true, $request); $request->getSession()->destroy(true, $request);
if (Member::config()->get('login_marker_cookie')) {
Cookie::force_expiry(Member::config()->get('login_marker_cookie'));
}
} }
} }
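Review bot: The new branch in the logout body calls `Cookie::force_expiry()` with the cookie name only, so it clears the marker only if the cookie was originally set with the default path and domain. The code that sets the marker is not in this hunk, so that should be confirmed, since a mismatch would leave the marker in the browser after logout. The config value is also read twice; reading it once is clearer: `$marker = Member::config()->get('login_marker_cookie');` followed by `if ($marker) { Cookie::force_expiry($marker); }`. The method's signature lies outside the hunk.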


@ -4,13 +4,15 @@ namespace SilverStripe\Security\Tests\MemberAuthenticator;
use SilverStripe\Control\Cookie; use SilverStripe\Control\Cookie;
use SilverStripe\Control\HTTPRequest; use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Session; use SilverStripe\Control\Session;
use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\SapphireTest; use SilverStripe\Dev\SapphireTest;
use SilverStripe\Security\Member; use SilverStripe\Security\Member;
use SilverStripe\Security\MemberAuthenticator\SessionAuthenticationHandler; use SilverStripe\Security\MemberAuthenticator\SessionAuthenticationHandler;
class SessionAuthenticationHandlerTest extends SapphireTest class SessionAuthenticationHandlerTest extends SapphireTest
{ {
protected static $fixture_file = 'SessionAuthenticationHandlerTest.yml';
protected $usesDatabase = true; protected $usesDatabase = true;
/** /**
@ -58,4 +60,20 @@ class SessionAuthenticationHandlerTest extends SapphireTest
$this->assertNotNull($matchedMember); $this->assertNotNull($matchedMember);
$this->assertEquals($matchedMember->Email, $member->Email); $this->assertEquals($matchedMember->Email, $member->Email);
} }
public function testLoginMarkerCookie()
{
Config::modify()->set(Member::class, 'login_marker_cookie', 'sslogin');
/** @var Member $member */
$member = $this->objFromFixture(Member::class, 'test');
$this->logInAs($member);
$this->assertNotNull(Cookie::get('sslogin'), 'Login marker cookie is set after logging in');
$this->logOut();
$this->assertNull(Cookie::get('sslogin'), 'Login marker cookie is deleted after logging out');
}
} }
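Review bot: `testLoginMarkerCookie` pins only the configured case; nothing covers `login_marker_cookie` being unset, which is the case the new guard in the handler exists for. A second test that sets the config to `null`, logs in and out, and asserts `Cookie::get('sslogin')` stays null would pin it. The cookie name is repeated as a literal three times; a local such as `$marker = 'sslogin';` keeps the config value and the assertions in step. Presumably `Cookie::get()` reads the in-process test cookie jar here, so the last assertion checks jar state rather than an emitted header.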


@ -0,0 +1,11 @@
'SilverStripe\Security\Group':
usergroup:
Title: usergroup
Code: usergroup
'SilverStripe\Security\Member':
test:
FirstName: Test
Surname: User
Email: testuser@example.com
Password: 1nitialPassword
Groups: '=>SilverStripe\Security\Group.usergroup'