Security::logout() returns a redirect response

GromNaN · GromNaN · commit 5081b493ec90 · 2023-12-05T09:54:31.000+01:00
diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
@@ -70,11 +70,9 @@ public function changePassword(
         if ($form->isSubmitted() && $form->isValid()) {
             $entityManager->flush();
 
-            // The second argument is to disable CSRF protection before logout.
-            // A CSRF token is already verified by the form.
-            $security->logout(false);
-
-            return $this->redirectToRoute('security_login');
+            // The logout method has a protection against CSRF attacks, it's disabled here
+            // because the form already has a CSRF token validated.
+            return $security->logout(false);
         }
 
         return $this->render('user/change_password.html.twig', [
diff --git a/tests/Controller/UserControllerTest.php b/tests/Controller/UserControllerTest.php
@@ -104,12 +104,9 @@ public function testChangePassword(): void
 
         $this->assertResponseRedirects();
         $this->assertResponseRedirects(
-            '/en/login',
+            '/',
             Response::HTTP_FOUND,
             'Changing password logout the user.'
         );
-
-        $client->followRedirect();
-        $this->assertResponseStatusCodeSame(Response::HTTP_OK);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -104,12 +104,9 @@ public function testChangePassword(): void`
`104`	`104`
`105`	`105`	`$this->assertResponseRedirects();`
`106`	`106`	`$this->assertResponseRedirects(`
`107`		`- '/en/login',`
	`107`	`+ '/',`
`108`	`108`	`Response::HTTP_FOUND,`
`109`	`109`	`'Changing password logout the user.'`
`110`	`110`	`);`
`111`		`-`
`112`		`- $client->followRedirect();`
`113`		`- $this->assertResponseStatusCodeSame(Response::HTTP_OK);`
`114`	`111`	`}`
`115`	`112`	`}`