implement logout functionality and improve SSO logout process

2026-02-26 17:03:51 +01:00 · 2026-02-26 17:03:51 +01:00 · d50a6bd238
parent 8f35520311
commit d50a6bd238
2 changed files with 25 additions and 13 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -59,9 +59,10 @@ security:
                enable_csrf: true
                default_target_path: app_index
                use_referer: true
-#            logout:
-#                path: app_logout
-#                target: app_login
+            logout:
+                path: app_logout
+                enable_csrf: false
+                target: app_login

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall
--- a/src/Controller/SecurityController.php
+++ b/src/Controller/SecurityController.php
@ -48,22 +48,33 @@ class SecurityController extends AbstractController
        ]);
    }

-    #[Route(path: '/sso_logout', name: 'sso_logout')]
-    public function ssoLogout(RequestStack $stack, LoggerInterface $logger, AccessTokenService $accessTokenService, Security $security): Response
+    #[Route(path: '/logout', name: 'app_logout')]
+    public function logout(): void
    {
+        throw new \Exception('This should never be reached!');
+    }
+
+    #[Route(path: '/sso_logout', name: 'sso_logout')]
+    public function ssoLogout(AccessTokenService $accessTokenService): Response
+    {
+        $this->logger->info('SSO Logout called from EasyCheck');
+        
        try {
-            $user = $this->userService->getUserByIdentifier($this->security->getUser()->getUserIdentifier());
+            $user = $this->getUser();
+            if ($user) {
                $id = $user->getId();
-            if ($stack->getSession()->invalidate()) {
-                $accessTokenService->revokeUserTokens($security->getUser()->getUserIdentifier());
-                $security->logout(false);
+                $this->logger->info('Revoking tokens for user', ['user_id' => $id]);
+                $accessTokenService->revokeUserTokens($user->getUserIdentifier());
                $this->loggerService->logUserConnection('User logged out', ['user_id' => $id]);
-                return $this->redirect('/');
+            } else {
+                $this->logger->warning('No user found during SSO logout');
            }
        } catch (\Exception $e) {
-            $logger->log(LogLevel::ERROR, 'Error invalidating session: ' . $e->getMessage());
+            $this->logger->log(LogLevel::ERROR, 'Error during SSO logout: ' . $e->getMessage());
        }
-        return $this->redirectToRoute('app_index');
+        
+        $this->logger->info('Redirecting to app_logout');
+        return $this->redirectToRoute('app_logout');
    }

    #[Route(path: '/consent', name: 'app_consent')]