May 11, 2022 · Mar 8, 2025
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
 * Deprecate the `Symfony\Component\Security\Core\Security` service alias, use `Symfony\Bundle\SecurityBundle\Security\Security` instead
 * Add `Security::getFirewallConfig()` to help to get the firewall configuration associated to the Request
 * Add `Security::login()` to login programmatically
 * Allow disabling the redirection on successful logout by passing `null` to the `target` option

 6.1
 ---
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
                'logout_path' => $firewall['logout']['path'],
            ]);

            $logoutSuccessListenerId = 'security.logout.listener.default.'.$id;
            $container->setDefinition($logoutSuccessListenerId, new ChildDefinition('security.logout.listener.default'))
                ->replaceArgument(1, $firewall['logout']['target'])
                ->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
            if (null !== $firewall['logout']['target']) {
                $logoutSuccessListenerId = 'security.logout.listener.default.'.$id;
                $container->setDefinition($logoutSuccessListenerId, new ChildDefinition('security.logout.listener.default'))
                    ->replaceArgument(1, $firewall['logout']['target'])
                    ->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
            }

            // add CSRF provider
            if (isset($firewall['logout']['csrf_token_generator'])) {
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
        $this->assertContains('custom_firewall_listener_id', $firewallListeners);
    }

    public function testDisableLogoutTarget()
    {
        $container = $this->getRawContainer();

        $container->loadFromExtension('security', [
            'firewalls' => [
                'main' => [
                    'logout' => [
                        'target' => null,
                    ],
                ],
            ],
        ]);

        $container->compile();

        $this->assertFalse($container->hasDefinition('security.logout.listener.default.main'));
    }

    protected function getRawContainer()
    {
        $container = new ContainerBuilder();
diff --git a/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php b/src/Symfony/Component/Security/Http/Firewall/LogoutListener.php
        $this->eventDispatcher->dispatch($logoutEvent);

        $response = $logoutEvent->getResponse();
        if (!$response instanceof Response) {
            throw new \RuntimeException('No logout listener set the Response, make sure at least the DefaultLogoutListener is registered.');
        }

        $this->tokenStorage->setToken(null);

        $event->setResponse($response);
        if ($response) {
            $event->setResponse($response);
        }
    }

    /**
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/LogoutListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/LogoutListenerTest.php

    public function testNoResponseSet()
    {
        $this->expectException(\RuntimeException::class);

        [$listener, , $httpUtils, $options] = $this->getListener();

        $request = new Request();
            ->with($request, $options['logout_path'])
            ->willReturn(true);

        $listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
        $event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);

        $listener($event);

        $this->assertNull($event->getResponse());
    }

    /**
Original file line number	Diff line number	Diff line change
Expand Up		@@ -8,6 +8,7 @@ CHANGELOG
		* Deprecate the `Symfony\Component\Security\Core\Security` service alias, use `Symfony\Bundle\SecurityBundle\Security\Security` instead
		* Add `Security::getFirewallConfig()` to help to get the firewall configuration associated to the Request
		* Add `Security::login()` to login programmatically
		* Allow disabling the redirection on successful logout by passing `null` to the `target` option
Copy link Contributor SpomkyMar 8, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Should move to 7.3

		6.1
		---
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -413,10 +413,12 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
		'logout_path' => $firewall['logout']['path'],
		]);

		$logoutSuccessListenerId = 'security.logout.listener.default.'.$id;
		$container->setDefinition($logoutSuccessListenerId, new ChildDefinition('security.logout.listener.default'))
		->replaceArgument(1, $firewall['logout']['target'])
		->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
		if (null !== $firewall['logout']['target']) {
		$logoutSuccessListenerId = 'security.logout.listener.default.'.$id;
		$container->setDefinition($logoutSuccessListenerId, new ChildDefinition('security.logout.listener.default'))
		->replaceArgument(1, $firewall['logout']['target'])
		->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
		}

		// add CSRF provider
		if (isset($firewall['logout']['csrf_token_generator'])) {
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -780,6 +780,25 @@ public function testConfigureCustomFirewallListener()
		$this->assertContains('custom_firewall_listener_id', $firewallListeners);
		}

		public function testDisableLogoutTarget()
		{
		$container = $this->getRawContainer();

		$container->loadFromExtension('security', [
		'firewalls' => [
		'main' => [
		'logout' => [
		'target' => null,
		],
		],
		],
		]);

		$container->compile();

		$this->assertFalse($container->hasDefinition('security.logout.listener.default.main'));
		}

		protected function getRawContainer()
		{
		$container = new ContainerBuilder();
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -87,13 +87,12 @@ public function authenticate(RequestEvent $event)
		$this->eventDispatcher->dispatch($logoutEvent);

		$response = $logoutEvent->getResponse();
		if (!$response instanceof Response) {
		throw new \RuntimeException('No logout listener set the Response, make sure at least the DefaultLogoutListener is registered.');
		}

		$this->tokenStorage->setToken(null);

		$event->setResponse($response);
		if ($response) {
		$event->setResponse($response);
		}
		}

		/**
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -122,8 +122,6 @@ public function testHandleMatchedPathWithoutCsrfValidation()

		public function testNoResponseSet()
		{
		$this->expectException(\RuntimeException::class);

		[$listener, , $httpUtils, $options] = $this->getListener();

		$request = new Request();
Expand All		@@ -133,7 +131,11 @@ public function testNoResponseSet()
		->with($request, $options['logout_path'])
		->willReturn(true);

		$listener(new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST));
		$event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);

		$listener($event);

		$this->assertNull($event->getResponse());
		}

		/**
Expand Down