
Commit 23aae92

Use session invalidation to force user logout, to avoid re-activation of a just-retired member.
1 parent 18d1f2f commit 23aae92

1 file changed

+13
-5
lines changed


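--- a/src/Controller/ProfileController.php
+++ b/src/Controller/ProfileController.php
@@ -24,6 +24,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Contracts\Translation\TranslatorInterface;
 
@@ -222,7 +223,7 @@ public function deleteProfileNotLoggedIn(
 $member = $memberRepository->findOneBy(['username' => $data['username']]);
 
 $verified = false;
-if (null === $member) {
+if (null === $member || !$member->isBrowsable()) {
 $deleteProfileForm->addError(new FormError($translator->trans('profile.delete.credentials')));
 } else {
 $passwordHasher = $passwordHasherFactory->getPasswordHasher($member);
@@ -239,7 +240,7 @@ public function deleteProfileNotLoggedIn(
 }
 
 if ($success) {
-return $this->redirectToRoute('security_logout');
+return $this->redirectToRoute('homepage');
 }
 }
 
@@ -251,8 +252,12 @@ public function deleteProfileNotLoggedIn(
 /**
 * @Route("/members/{username}/delete", name="profile_delete")
 */
-public function deleteProfile(Request $request, Member $member, ProfileModel $profileModel): Response
-{
+public function deleteProfile(
+Request $request,
+TokenStorageInterface $tokenStorage,
+Member $member,
+ProfileModel $profileModel
+): Response {
 $loggedInMember = $this->getUser();
 if ($member !== $loggedInMember) {
 return $this->redirectToRoute('members_profile', ['username' => $member->getUsername()]);
@@ -267,7 +272,10 @@ public function deleteProfile(Request $request, Member $member, ProfileModel $pr
 $success = $profileModel->retireProfile($member, $deleteProfileForm->getData());
 
 if ($success) {
-return $this->redirectToRoute('security_logout');
+// force logout
+$tokenStorage->setToken(null); // Force logout
+$request->getSession()->invalidate();
+return $this->redirectToRoute('homepage');
 }
 }
 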