adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 03:18:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Unset the active user data on logout.

Browse source 
When using stateless authentication the current user should be cleared
after logout to maintain consistency with session based authentication.

Refs #10422
This commit is contained in:
mark_story 2017-03-16 11:31:20 -04:00
parent c5e31e590d
commit ccc9006620
2 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/Cake/Controller/Component/AuthComponent.php
View file

@ -645,6 +645,7 @@ class AuthComponent extends Component {
foreach ($this->_authenticateObjects as $auth) { foreach ($this->_authenticateObjects as $auth) {
$auth->logout($user); $auth->logout($user);
} }
static::$_user = array();
$this->Session->delete(static::$sessionKey); $this->Session->delete(static::$sessionKey);
$this->Session->delete('Auth.redirect'); $this->Session->delete('Auth.redirect');
$this->Session->renew(); $this->Session->renew();

17
lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
View file

@ -1428,6 +1428,23 @@ class AuthComponentTest extends CakeTestCase {
$this->assertNull($this->Auth->Session->read('Auth.redirect')); $this->assertNull($this->Auth->Session->read('Auth.redirect'));
} }
/**
* test that logout removes the active user data as well for stateless auth
*
* @return void
*/
public function testLogoutRemoveUser() {
$oldKey = AuthComponent::$sessionKey;
AuthComponent::$sessionKey = false;
$this->Auth->login(array('id' => 1, 'username' => 'mariano'));
$this->assertSame('mariano', $this->Auth->user('username'));
$this->Auth->logout();
AuthComponent::$sessionKey = $oldKey;
$this->assertNull($this->Auth->user('username'));
}
/** /**
* Logout should trigger a logout method on authentication objects. * Logout should trigger a logout method on authentication objects.
* *