mirror of
https://github.com/flarum/framework.git
synced 2024-11-28 20:16:08 +08:00
CSRF protection on logout action
This commit is contained in:
parent
99876e9e36
commit
54daad6e7d
|
@ -1,5 +1,6 @@
|
|||
<?php namespace Flarum\Forum\Actions;
|
||||
|
||||
use Flarum\Api\AccessToken;
|
||||
use Flarum\Forum\Events\UserLoggedOut;
|
||||
use Flarum\Support\Action;
|
||||
use Psr\Http\Message\ServerRequestInterface as Request;
|
||||
|
@ -18,6 +19,10 @@ class LogoutAction extends Action
|
|||
$user = app('flarum.actor');
|
||||
|
||||
if ($user->exists) {
|
||||
$token = array_get($request->getQueryParams(), 'token');
|
||||
|
||||
AccessToken::where('user_id', $user->id)->findOrFail($token);
|
||||
|
||||
$user->accessTokens()->delete();
|
||||
|
||||
event(new UserLoggedOut($user));
|
||||
|
|
Loading…
Reference in New Issue
Block a user