<?php
namespace Charcoal\Admin\Action;
use Exception;
// From PSR-7
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;
// From 'charcoal-admin'
use Charcoal\Admin\AdminAction;
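/**
 * Action: Attempt to log a user out.
 *
 * ## Response
 *
 * - `success` (_boolean_) — TRUE if the user was properly logged out, FALSE in case of any error.
 *
 * ## HTTP Status Codes
 *
 * - `204` — Successful; User has been safely logged out
 * - `401` — Unauthorized; The request did not come from an authenticated user
 * - `500` — Server error; User could not be logged out
 */
class LogoutAction extends AdminAction
{
    /**
     * Log the current user out when the authenticator reports an active login.
     *
     * The request object is deliberately discarded; the outcome depends only on
     * the authenticator's state.
     *
     * @param  RequestInterface  $request  A PSR-7 compatible Request instance.
     * @param  ResponseInterface $response A PSR-7 compatible Response instance.
     * @return ResponseInterface The response with status 204, 401 or 500.
     * @todo   This should be done via an Authenticator object.
     */
    public function run(RequestInterface $request, ResponseInterface $response)
    {
        unset($request);

        // Untranslated fallbacks. The translated versions are built inside the
        // try block; if the translator itself throws, the catch block would
        // otherwise read an undefined $errorThrown.
        $failMessage = 'An error occurred while logging out';
        $errorThrown = $failMessage.': {{ errorThrown }}';

        try {
            $translator = $this->translator();

            $doneMessage = $translator->translation('You are now logged out.');
            $failMessage = $translator->translation('An error occurred while logging out');
            $errorThrown = strtr($translator->translation('{{ errorMessage }}: {{ errorThrown }}'), [
                '{{ errorMessage }}' => $failMessage
            ]);

            $authenticator = $this->authenticator();
            if ($authenticator->check()) {
                $authenticator->logout();

                $this->addFeedback('success', $doneMessage);
                $this->setSuccess(true);

                // NOTE(review): a 204 response carries no body, so the `success`
                // payload from results() may never reach the client; confirm
                // against whatever serializes this action.
                return $response->withStatus(204);
            }
        } catch (Exception $e) {
            // Keep a server-side record of the failure; without it a failed
            // logout leaves no trace for whoever investigates the 500.
            $this->logger->error(sprintf('[Admin] Logout failed: %s', $e->getMessage()));

            // NOTE(review): the raw exception message goes into the feedback.
            // If feedback is rendered to the client this can expose internal
            // details; confirm where feedback ends up.
            $this->addFeedback('error', strtr($errorThrown, [
                '{{ errorThrown }}' => $e->getMessage()
            ]));
            $this->setSuccess(false);

            return $response->withStatus(500);
        }

        // No authenticated user: answer with the generic failure message only
        // (never confirm or deny the existence of an account) and log the attempt.
        // REMOTE_ADDR is the peer address as seen by the web server; behind a
        // reverse proxy that is presumably the proxy's address. Confirm for
        // this deployment.
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
        if ($ip) {
            $logMessage = sprintf('[Admin] Logout attempt for unauthenticated user from %s', $ip);
        } else {
            $logMessage = '[Admin] Logout attempt for unauthenticated user';
        }

        $this->logger->warning($logMessage);

        $this->addFeedback('error', $failMessage);
        $this->setSuccess(false);

        return $response->withStatus(401);
    }

    /**
     * Build the result payload for this action.
     *
     * @todo   Provide feedback and redirection?
     * @return array A single `success` key holding the value of success().
     */
    public function results()
    {
        return [
            'success' => $this->success(),
        ];
    }
}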