CSRF protection on logout action

This commit is contained in:
Toby Zerner 2015-07-07 15:30:13 +09:30
parent 99876e9e36
commit 54daad6e7d


@ -1,5 +1,6 @@
<?php namespace Flarum\Forum\Actions; <?php namespace Flarum\Forum\Actions;
use Flarum\Api\AccessToken;
use Flarum\Forum\Events\UserLoggedOut; use Flarum\Forum\Events\UserLoggedOut;
use Flarum\Support\Action; use Flarum\Support\Action;
use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ServerRequestInterface as Request;
@ -18,6 +19,10 @@ class LogoutAction extends Action
$user = app('flarum.actor'); $user = app('flarum.actor');
if ($user->exists) { if ($user->exists) {
$token = array_get($request->getQueryParams(), 'token');
AccessToken::where('user_id', $user->id)->findOrFail($token);
$user->accessTokens()->delete(); $user->accessTokens()->delete();
event(new UserLoggedOut($user)); event(new UserLoggedOut($user));