diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 229e657c4a..e6d50caeae 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -33,7 +33,12 @@ security:
 always_remember_me: false
 secure: '%force_ssl%'
 lifetime: 31104000 # 1y
- logout: true
+ logout:
+ enable_csrf: true
+ clear_site_data:
+ - cookies
+ - storage
+ - cache
 lazy: true
 two_factor:
 auth_form_path: 2fa_login
diff --git a/config/services.yaml b/config/services.yaml
index 7d121b447f..472eab96f1 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -26,6 +26,7 @@ services:
 $recaptchaVerifier: "@beelab_recaptcha2.verifier"
 'Monolog\Logger': '@logger'
 'Symfony\Contracts\EventDispatcher\EventDispatcherInterface $mainEventDispatcher': '@security.event_dispatcher.main'
+ 'Symfony\Component\Security\Http\Logout\LogoutUrlGenerator': '@security.logout_url_generator'
 # params
 $dbUrl: '%env(DATABASE_URL)%'
diff --git a/src/Menu/MenuBuilder.php b/src/Menu/MenuBuilder.php
index 56c5ba3cd1..bf5fbef49d 100644
--- a/src/Menu/MenuBuilder.php
+++ b/src/Menu/MenuBuilder.php
@@ -16,13 +16,14 @@
 use Knp\Menu\FactoryInterface;
 use Knp\Menu\ItemInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
 use Symfony\Contracts\Translation\TranslatorInterface;
 class MenuBuilder
 {
 private string $username;
- public function __construct(private FactoryInterface $factory, TokenStorageInterface $tokenStorage, private TranslatorInterface $translator)
+ public function __construct(private FactoryInterface $factory, TokenStorageInterface $tokenStorage, private TranslatorInterface $translator, private LogoutUrlGenerator $logoutUrlGenerator)
 {
 if ($tokenStorage->getToken() && $tokenStorage->getToken()->getUser() instanceof User) {
 $this->username = $tokenStorage->getToken()->getUser()->getUsername();
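Review bot: The new `clear_site_data` list under `logout:` in config/packages/security.yaml should carry a comment saying it is best-effort. Browsers only act on Clear-Site-Data in a secure context, and the `secure: '%force_ssl%'` line just above suggests TLS is a per-deployment toggle, so on a plain-HTTP install the header would presumably be ignored. I would add `# Clear-Site-Data is only honoured over HTTPS; server-side session invalidation remains the actual logout control` above the list. The `storage` and `cache` directives apply to the whole origin, so anything else served from the same origin loses its local storage and cached assets on every logout; worth confirming that is intended. With `enable_csrf: true`, any logout link still built from the plain route instead of the logout URL helpers will be rejected, so a search for leftover `'logout'` route references is worth doing before merging.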
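Review bot: `getLogoutPath()` is called with no firewall key in createUserMenu() (second hunk of src/Menu/MenuBuilder.php), so the generator has to resolve the firewall from the current token or request and throws an InvalidArgumentException when it cannot, for instance if the menu is ever built outside a firewalled request. Passing the key makes that explicit: `'uri' => $this->logoutUrlGenerator->getLogoutPath('main')`, assuming the firewall is the `main` one that the `security.event_dispatcher.main` binding refers to. The link now carries the logout CSRF token as a query parameter, which deserves a one-line comment above the call such as `// logout URL embeds the CSRF token required by logout.enable_csrf; generate it per request`. The constructor body continues past the end of the first hunk and createUserMenu() begins before the second, so the rest of both methods is not visible here.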
@@ -36,7 +37,7 @@ public function createUserMenu(): ItemInterface
 $this->addProfileMenu($menu);
 $menu->addChild('hr', ['label' => '
', 'labelAttributes' => ['class' => 'normal'], 'extras' => ['safe_label' => true]]);
- $menu->addChild($this->translator->trans('menu.logout'), ['label' => '' . $this->translator->trans('menu.logout'), 'route' => 'logout', 'extras' => ['safe_label' => true]]);
+ $menu->addChild($this->translator->trans('menu.logout'), ['label' => '' . $this->translator->trans('menu.logout'), 'uri' => $this->logoutUrlGenerator->getLogoutPath(), 'extras' => ['safe_label' => true]]);
 return $menu;
 }
diff --git a/templates/bundles/SchebTwoFactorBundle/Authentication/form.html.twig b/templates/bundles/SchebTwoFactorBundle/Authentication/form.html.twig
index 44cf1d8ad6..6cfc08b8e9 100644
--- a/templates/bundles/SchebTwoFactorBundle/Authentication/form.html.twig
+++ b/templates/bundles/SchebTwoFactorBundle/Authentication/form.html.twig
@@ -37,7 +37,7 @@
{# The logout link gives the user a way out if they can't complete two-factor authentication #}
- {{ "cancel"|trans({}, 'SchebTwoFactorBundle') }}
+ {{ "cancel"|trans({}, 'SchebTwoFactorBundle') }}
diff --git a/templates/layout.html.twig b/templates/layout.html.twig
index 77aa3e5a53..dc18c8c101 100644
--- a/templates/layout.html.twig
+++ b/templates/layout.html.twig
@@ -86,7 +86,7 @@
 {%- else %}
diff --git a/templates/user/login.html.twig b/templates/user/login.html.twig
index a3644cd3cc..f665d4d2d1 100644
--- a/templates/user/login.html.twig
+++ b/templates/user/login.html.twig
@@ -5,7 +5,7 @@
 {% block user_content %}
 {% if app.user %}
-

You are logged in as {{ app.user.username }}, Log out

+

You are logged in as {{ app.user.username }}, Log out

{% else %}