-2

In a Symfony 5.0 Application I want to add custom logic for cleanup reasons when the user loggs out. What I have currenty is what is described in the docs:

https://symfony.com/doc/current/security.html#logging-out

As the logout() function in the SecurityController is intercepted by Symfony it won't work to add logic there.

So - where CAN I add logic which is allways executed when a user loggs out? Couldn't find anything in the docs so far...

user3440145
  • 793
  • 10
  • 34
  • 2
    there is a logout listener in the security package, which you could use to inspire your listener and just prioritize it higher then the security package's. https://github.com/symfony/symfony/blob/5.0/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php – Jakumi Mar 28 '20 at 11:48
  • you also could add something that implements the interface mentioned in the note in your linked doc section (the `LogoutSuccessHandlerInterface`, in that interface you will also find a reference for the `LogoutHandlerInterface` - it literally says in the success handler: "If you want to only perform some logout related clean-up task, use the LogoutHandlerInterface instead.") – Jakumi Mar 28 '20 at 11:57
  • Yes i read that too - but it sounds as if this was kicking in when the logout is done - and therefore I can't access the user which was logged in (which I need to). – user3440145 Mar 28 '20 at 12:09
  • Regarding your first suggestion - I am unsure on how to do that... Any hints? – user3440145 Mar 28 '20 at 12:09
  • The LogoutHandlerInterface (https://github.com/symfony/symfony/blob/4.4/src/Symfony/Component/Security/Http/Logout/LogoutHandlerInterface.php) has a `TokenInterface`, from which you can `getUser()`, which should work. – Jakumi Mar 28 '20 at 12:11
  • the logout listener is probably listening on all kernel request events (https://symfony.com/doc/current/reference/events.html#kernel-request), and its `supports` method (see abstract listener in the same folder) will filter everything out except the app_logout route. read up on event listeners in symfony, you should be able to work it out from there. but to be honest, I would go the LogoutHandlerInterface route ... – Jakumi Mar 28 '20 at 12:20
  • I did go the LogoutHandlerInterface way. Works very well. If you want write an answere - I'll check it. Thanks. – user3440145 Mar 28 '20 at 13:07

1 Answers1

1

IMHO the best option is to implement the LogoutHandlerInterface referenced slightly indirectly on the symfony docs you mentioned (it mentions the LogoutSuccessHandlerInterface, which has a comment regarding the LogoutHandlerInterface: "If you want to only perform some logout related clean-up task, use the LogoutHandlerInterface instead.")

To me, it feels like an event handler, but it doesn't use the event system, so ... whatever.

Nevertheless, the arguments provided to your LogoutHandler will receive a TokenInterface which has TokenInterface::getUser() which returns the current user. (dependency injection on the constructor should provide you with additional services and stuff)

The alternative would be to implement an EventListener for the kernel request event - which the LogoutListener of the symfony/security package uses to manage logouts. You would have to add the same logic as the LogoutListener and probably have to make it trigger before the LogoutListener, this is however a slightly more convoluted way and I would really use the LogoutHandler.

Jakumi
  • 8,043
  • 2
  • 15
  • 32