resets cookie on logout

Harborn-digital · Aug 2, 2021 · 17706aa · 17706aa
1 parent 8f90a08
commit 17706aa
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/src/Handler/LogoutHandler.php b/src/Handler/LogoutHandler.php
@@ -12,6 +12,7 @@
 use Doctrine\Common\Persistence\ManagerRegistry;
 use Doctrine\ORM\EntityManager;
 use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\JWTUserToken;
+use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Messenger\Handler\MessageHandlerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 
@@ -30,9 +31,10 @@ public function __construct(TokenStorageInterface $tokenStorage, ManagerRegistry
     /**
      * Invalidate the current login by invalidating the current JWT token.
      */
-    public function __invoke(Logout $logout): void
+    public function __invoke(Logout $logout): Response
     {
         $token = $this->tokenStorage->getToken();
+        $response = new Response();
 
         if ($token instanceof JWTUserToken) {
             $invalidToken = new InvalidToken();
@@ -46,6 +48,11 @@ public function __invoke(Logout $logout): void
             } else {
                 throw new \RuntimeException('Unable to invalid token because doctrine is not set up correctly. Please configure `vendor/connectholland/secure-jwt/src/Entity` as an annotated entity path (see README.md for more details)');
             }
+
+            $response->headers->clearCookie('BEARER', '/', null, true, true, 'none');
+
         }
+
+        return $response;
     }
 }
diff --git a/tests/Handler/LogoutHandlerTest.php b/tests/Handler/LogoutHandlerTest.php
@@ -14,6 +14,7 @@
 use Doctrine\ORM\EntityManager;
 use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\JWTUserToken;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@@ -45,6 +46,26 @@ public function testOnlyHandleJWTTokens(): void
         $this->handler->__invoke(new Logout());
     }
 
+    public function testRemovesCookie(): void
+    {
+        $this->tokenStorage->setToken(new JWTUserToken([], null, 'unit-test-token'));
+        $manager     = $this->createMock(EntityManager::class);
+
+        $this->doctrine
+            ->expects($this->once())
+            ->method('getManagerForClass')
+            ->willReturn($manager);
+
+        $response = $this->handler->__invoke(new Logout());
+        $this->assertInstanceOf(Response::class, $response);
+        $cookies = $response->headers->getCookies();
+
+        $this->assertCount(1, $cookies);
+        $this->assertSame('BEARER', $cookies[0]->getName());
+        $this->assertSame(1, $cookies[0]->getExpiresTime());
+    }
+
+
     public function testPersistsInvalidToken(): void
     {
         $this->tokenStorage->setToken(new JWTUserToken([], null, 'unit-test-token'));