Merge branch '6.2' into 6.3

nicolas-grekas · nicolas-grekas · commit f444d1f679f0 · 2023-05-19T14:46:45.000+02:00
* 6.2:
  Fix merge
  [Translation] Fix handling of null messages in `ArrayLoader`
  [Console] Remove exec and replace it by shell_exec
  [Security] Skip clearing CSRF Token on stateless logout
diff --git a/EventListener/CsrfTokenClearingLogoutListener.php b/EventListener/CsrfTokenClearingLogoutListener.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\Security\Csrf\TokenStorage\ClearableTokenStorageInterface;
+use Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage;
 use Symfony\Component\Security\Http\Event\LogoutEvent;
 
 /**
@@ -31,6 +32,10 @@ public function __construct(ClearableTokenStorageInterface $csrfTokenStorage)
 
     public function onLogout(LogoutEvent $event): void
     {
+        if ($this->csrfTokenStorage instanceof SessionTokenStorage && !$event->getRequest()->hasPreviousSession()) {
+            return;
+        }
+
         $this->csrfTokenStorage->clear();
     }
 

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@`
`13`	`13`
`14`	`14`	`use Symfony\Component\EventDispatcher\EventSubscriberInterface;`
`15`	`15`	`use Symfony\Component\Security\Csrf\TokenStorage\ClearableTokenStorageInterface;`
	`16`	`+use Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage;`
`16`	`17`	`use Symfony\Component\Security\Http\Event\LogoutEvent;`
`17`	`18`
`18`	`19`	`/**`
`@@ -31,6 +32,10 @@ public function __construct(ClearableTokenStorageInterface $csrfTokenStorage)`
`31`	`32`
`32`	`33`	`public function onLogout(LogoutEvent $event): void`
`33`	`34`	`{`
	`35`	`+ if ($this->csrfTokenStorage instanceof SessionTokenStorage && !$event->getRequest()->hasPreviousSession()) {`
	`36`	`+ return;`
	`37`	`+ }`
	`38`	`+`
`34`	`39`	`$this->csrfTokenStorage->clear();`
`35`	`40`	`}`
`36`	`41`