<?php
namespace com\fwdekker\deathnotifier\user;
use com\fwdekker\deathnotifier\Action;
use com\fwdekker\deathnotifier\UnexpectedException;
use com\fwdekker\deathnotifier\Util;
use com\fwdekker\deathnotifier\validator\InvalidInputException;
use com\fwdekker\deathnotifier\validator\IsValidCsrfTokenRule;
use com\fwdekker\deathnotifier\validator\RuleSet;
use com\fwdekker\deathnotifier\validator\SessionRuleSet;
use Exception;
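/**
 * Logs out the current user.
 */
class LogoutAction extends Action
{
    /**
     * Terminates the current user session and starts a fresh, unauthenticated one.
     *
     * Requires that the user is logged in and that a valid CSRF token is present. Both checks run before this method
     * modifies the session.
     *
     * @param array<int|string, mixed> $inputs `"token": string`: a valid CSRF token
     * @return null
     * @throws InvalidInputException if the user is not logged in or if no valid CSRF token is present
     * @throws UnexpectedException if the old session could not be destroyed, if the replacement session could not be
     * started or given a new identifier, or if no new CSRF token could be generated
     */
    public function handle(array $inputs): mixed
    {
        (new SessionRuleSet(validate_logged_in: true))->check($_SESSION);
        (new RuleSet(["token" => [new IsValidCsrfTokenRule()]]))->check($inputs);

        // `session_destroy()` removes the stored data but leaves the `$_SESSION` superglobal populated, so clear it
        // explicitly; otherwise the old user's data stays readable for the rest of this request if a later step throws.
        $_SESSION = [];

        // A failed destroy means the user is still logged in; report it instead of pretending the logout succeeded.
        // The exception is built with the same argument shape as in the `catch` below.
        if (!session_destroy()) {
            throw new UnexpectedException(
                "Failed to log out. Please try again later.",
                previous: new Exception("session_destroy() returned false.")
            );
        }

        // Without an active session the CSRF token assigned below would not be persisted.
        if (!session_start()) {
            throw new UnexpectedException(
                "Failed to start a new session. Please try again later.",
                previous: new Exception("session_start() returned false.")
            );
        }

        // `session_destroy()` does not unset the session cookie, so unless `session.use_strict_mode` is enabled
        // `session_start()` re-adopts the identifier the client sent. Rotate it (and delete the old session) so the
        // pre-logout identifier is not carried over; this is defence in depth against session fixation.
        if (!session_regenerate_id(true)) {
            throw new UnexpectedException(
                "Failed to start a new session. Please try again later.",
                previous: new Exception("session_regenerate_id() returned false.")
            );
        }

        try {
            $_SESSION["token"] = Util::generate_csrf_token();
        } catch (Exception $exception) {
            throw new UnexpectedException(
                "Failed to generate new CSRF token. Please try again later.",
                previous: $exception
            );
        }

        return null;
    }
}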