Use Security::logout instead of redirecting to the logout url

Author: GromNaN

config/services.yaml

@@ -29,6 +29,3 @@ services:
             - '../src/DependencyInjection/'
             - '../src/Entity/'
             - '../src/Kernel.php'
-
-    # this is needed because Symfony doesn't make the 'security.logout_url_generator' service autowirable
-    Symfony\Component\Security\Http\Logout\LogoutUrlGenerator: '@security.logout_url_generator'

src/Controller/UserController.php

@@ -16,12 +16,12 @@
 use App\Form\UserType;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Security\Http\Attribute\CurrentUser;
 use Symfony\Component\Security\Http\Attribute\IsGranted;
-use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
 
 /**
  * Controller used to manage current user. The #[CurrentUser] attribute
@@ -62,15 +62,19 @@ public function changePassword(
         #[CurrentUser] User $user,
         Request $request,
         EntityManagerInterface $entityManager,
-        LogoutUrlGenerator $logoutUrlGenerator,
+        Security $security,
     ): Response {
         $form = $this->createForm(ChangePasswordType::class, $user);
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
             $entityManager->flush();
 
-            return $this->redirect($logoutUrlGenerator->getLogoutPath());
+            // The second argument is to disable CSRF protection before logout.
+            // A CSRF token is already verified by the form.
+            $security->logout(false);
+
+            return $this->redirectToRoute('security_login');
         }
 
         return $this->render('user/change_password.html.twig', [