Fix: logout

tatevikg1 · tatevikg1 · commit 36212bbab82d · 2026-03-11T16:53:55.000+04:00
diff --git a/assets/vue/components/subscribers/SubscriberDirectory.vue b/assets/vue/components/subscribers/SubscriberDirectory.vue
@@ -161,9 +161,15 @@ const fetchSubscribers = async (afterId = null) => {
 
   try {
     const response = await fetch(url, {
-      headers: { Accept: 'application/json' }
+      headers: { Accept: 'application/json', 'X-Requested-With': 'XMLHttpRequest' }
     })
 
+    if (response.status === 401) {
+      const data = await response.json()
+      window.location.href = data.redirect
+      return
+    }
+
     const data = await response.json()
 
     subscribers.value = data.items
diff --git a/assets/vue/layouts/AdminLayout.vue b/assets/vue/layouts/AdminLayout.vue
@@ -26,28 +26,13 @@
           Create Campaign
         </button>
 
-        <div class="h-8 w-px bg-slate-200 hidden sm:block mx-1"></div>
-
-        <button class="relative p-2 text-slate-400 hover:text-slate-600 transition-colors">
-          <BaseIcon name="notification" />
-          <span class="absolute top-1.5 right-1.5 w-2 h-2 bg-rose-500 rounded-full border-2 border-white"></span>
-        </button>
-
         <!-- User dropdown -->
         <div class="flex items-center gap-3 pl-2 group cursor-pointer">
           <div class="flex flex-col items-end hidden sm:flex">
             <span class="text-sm font-bold text-slate-800 leading-none">Admin User</span>
             <span class="text-[10px] text-slate-500 mt-0.5">Administrator</span>
           </div>
 
-          <div class="w-9 h-9 bg-slate-100 rounded-full flex items-center justify-center text-slate-400 border border-slate-200 overflow-hidden">
-            <img
-                alt="User Avatar"
-                class="w-full h-full object-cover"
-                src="https://images.unsplash.com/photo-1535713875002-d1d0cf377fde?q=80&amp;w=100&amp;h=100&amp;auto=format&amp;fit=crop"
-            >
-          </div>
-
           <BaseIcon name="chevronDown" />
         </div>
       </div>
diff --git a/assets/vue/views/DashboardView.vue b/assets/vue/views/DashboardView.vue
@@ -29,8 +29,6 @@ import AdminLayout from '../layouts/AdminLayout.vue'
 import KpiGrid from '../components/dashboard/KpiGrid.vue'
 import PerformanceChartCard from '../components/dashboard/PerformanceChartCard.vue'
 import RecentCampaignsCard from '../components/dashboard/RecentCampaignsCard.vue'
-import BaseIcon from '../components/base/BaseIcon.vue'
-import avatar from '@images/avatar.jpg'
 
 const chart = {
   labels: ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun'],
diff --git a/src/Controller/AuthController.php b/src/Controller/AuthController.php
@@ -49,6 +49,7 @@ public function login(Request $request): Response
                 $authData = $this->apiClient->login($username, $password);
                 $request->getSession()->set('auth_token', $authData['key']);
                 $request->getSession()->set('auth_expiry_date', $authData['key']);
+                $request->getSession()->set('auth_id', $authData['id']);
 
                 return $this->redirectToRoute('home');
             } catch (Exception $e) {
@@ -67,6 +68,8 @@ public function login(Request $request): Response
     public function logout(Request $request): Response
     {
         $request->getSession()->remove('auth_token');
+        $request->getSession()->remove('auth_id');
+        $this->apiClient->logout();
 
         return $this->redirectToRoute('login');
     }
diff --git a/src/EventListener/ApiSessionListener.php b/src/EventListener/ApiSessionListener.php
@@ -37,7 +37,12 @@ public function onKernelRequest(RequestEvent $event): void
         $authToken = $session->get('auth_token');
 
         if ($authToken) {
-            $this->apiClient->setSessionId($authToken);
+            $this->apiClient->setSessionId((string) $authToken);
+        }
+
+        $authId = $session->get('auth_id');
+        if ($authId) {
+            $this->apiClient->setId((int) $authId);
         }
     }
 }
diff --git a/src/EventSubscriber/UnauthorizedSubscriber.php b/src/EventSubscriber/UnauthorizedSubscriber.php
@@ -5,20 +5,20 @@
 namespace PhpList\WebFrontend\EventSubscriber;
 
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
 use Symfony\Component\HttpKernel\Event\ExceptionEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
-use GuzzleHttp\Exception\ClientException;
 use PhpList\RestApiClient\Exception\AuthenticationException;
 
 class UnauthorizedSubscriber implements EventSubscriberInterface
 {
-    private UrlGeneratorInterface $urlGenerator;
-
-    public function __construct(UrlGeneratorInterface $urlGenerator)
-    {
-        $this->urlGenerator = $urlGenerator;
+    public function __construct(
+        private readonly UrlGeneratorInterface $urlGenerator,
+        private readonly FlashBagInterface $flashBag,
+    ) {
     }
 
     public static function getSubscribedEvents(): array
@@ -32,22 +32,31 @@ public function onKernelException(ExceptionEvent $event): void
     {
         $exception = $event->getThrowable();
 
-        if (($exception instanceof ClientException && $exception->getCode() === 401) ||
-            $exception instanceof AuthenticationException
-        ) {
+        if ($exception instanceof AuthenticationException) {
             $request = $event->getRequest();
-            $session = $request->getSession();
 
-            if ($session->has('auth_token')) {
-                $session->remove('auth_token');
+            if ($request->hasSession()) {
+                $session = $request->getSession();
+                $session->invalidate();
             }
 
-            $session->set('login_error', 'Your session has expired. Please log in again.');
-
             $loginUrl = $this->urlGenerator->generate('login');
-            $response = new RedirectResponse($loginUrl);
 
-            $event->setResponse($response);
+            if ($request->isXmlHttpRequest()) {
+                $event->setResponse(new JsonResponse([
+                    'error' => 'session_expired',
+                    'message' => 'Your session has expired. Please log in again.',
+                    'redirect' => $loginUrl,
+                ], 401));
+
+                return;
+            }
+
+            if ($request->hasSession()) {
+                $this->flashBag->add('error', 'Your session has expired. Please log in again.');
+            }
+
+            $event->setResponse(new RedirectResponse($loginUrl));
         }
     }
 }
diff --git a/tests/Unit/EventSubscriber/UnauthorizedSubscriberTest.php b/tests/Unit/EventSubscriber/UnauthorizedSubscriberTest.php
@@ -5,14 +5,14 @@
 namespace PhpList\WebFrontend\Tests\Unit\EventSubscriber;
 
 use Exception;
-use GuzzleHttp\Exception\ClientException;
-use GuzzleHttp\Psr7\Request as GuzzleRequest;
-use GuzzleHttp\Psr7\Response as GuzzleResponse;
+use PhpList\RestApiClient\Exception\AuthenticationException;
 use PhpList\WebFrontend\EventSubscriber\UnauthorizedSubscriber;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpKernel\Event\ExceptionEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
@@ -23,11 +23,13 @@ class UnauthorizedSubscriberTest extends TestCase
 {
     private UnauthorizedSubscriber $subscriber;
     private UrlGeneratorInterface&MockObject $urlGenerator;
+    private FlashBagInterface&MockObject $flashBag;
 
     protected function setUp(): void
     {
         $this->urlGenerator = $this->createMock(UrlGeneratorInterface::class);
-        $this->subscriber = new UnauthorizedSubscriber($this->urlGenerator);
+        $this->flashBag = $this->createMock(FlashBagInterface::class);
+        $this->subscriber = new UnauthorizedSubscriber($this->urlGenerator, $this->flashBag);
     }
 
     public function testGetSubscribedEvents(): void
@@ -40,33 +42,25 @@ public function testGetSubscribedEvents(): void
 
     public function testOnKernelExceptionWithUnauthorizedException(): void
     {
-        $guzzleRequest = new GuzzleRequest('GET', 'http://example.com');
-        $guzzleResponse = new GuzzleResponse(401);
-        $clientException = new ClientException('Unauthorized', $guzzleRequest, $guzzleResponse);
+        $authException = new AuthenticationException('Unauthorized');
 
         $session = $this->createMock(SessionInterface::class);
-        $session->expects($this->once())
-            ->method('has')
-            ->with('auth_token')
-            ->willReturn(true);
+        $session->expects($this->once())->method('invalidate');
 
-        $session->expects($this->once())
-            ->method('remove')
-            ->with('auth_token');
-
-        $session->expects($this->once())
-            ->method('set')
-            ->with('login_error', 'Your session has expired. Please log in again.');
+        $this->flashBag->expects($this->once())
+            ->method('add')
+            ->with('error', 'Your session has expired. Please log in again.');
 
         $request = $this->createMock(Request::class);
+        $request->method('hasSession')->willReturn(true);
         $request->method('getSession')->willReturn($session);
 
         $kernel = $this->createMock(HttpKernelInterface::class);
         $event = new ExceptionEvent(
             $kernel,
             $request,
             HttpKernelInterface::MAIN_REQUEST,
-            $clientException
+            $authException
         );
 
         $loginUrl = '/login';
@@ -100,35 +94,55 @@ public function testOnKernelExceptionWithOtherException(): void
         $this->assertNull($event->getResponse());
     }
 
-    public function testOnKernelExceptionWithNonAuthTokenSession(): void
+    public function testOnKernelExceptionWithXmlHttpRequest(): void
     {
-        $guzzleRequest = new GuzzleRequest('GET', 'http://example.com');
-        $guzzleResponse = new GuzzleResponse(401);
-        $clientException = new ClientException('Unauthorized', $guzzleRequest, $guzzleResponse);
+        $authException = new AuthenticationException('Unauthorized');
 
         $session = $this->createMock(SessionInterface::class);
-        $session->expects($this->once())
-            ->method('has')
-            ->with('auth_token')
-            ->willReturn(false);
+        $session->expects($this->once())->method('invalidate');
 
-        $session->expects($this->never())
-            ->method('remove')
-            ->with('auth_token');
+        $request = $this->createMock(Request::class);
+        $request->method('hasSession')->willReturn(true);
+        $request->method('getSession')->willReturn($session);
+        $request->method('isXmlHttpRequest')->willReturn(true);
 
-        $session->expects($this->once())
-            ->method('set')
-            ->with('login_error', 'Your session has expired. Please log in again.');
+        $kernel = $this->createMock(HttpKernelInterface::class);
+        $event = new ExceptionEvent(
+            $kernel,
+            $request,
+            HttpKernelInterface::MAIN_REQUEST,
+            $authException
+        );
+
+        $loginUrl = '/login';
+        $this->urlGenerator->method('generate')
+            ->with('login')
+            ->willReturn($loginUrl);
+
+        $this->subscriber->onKernelException($event);
+
+        $response = $event->getResponse();
+        $this->assertInstanceOf(JsonResponse::class, $response);
+        $this->assertEquals(401, $response->getStatusCode());
+
+        $data = json_decode($response->getContent(), true);
+        $this->assertEquals('session_expired', $data['error']);
+        $this->assertEquals($loginUrl, $data['redirect']);
+    }
+
+    public function testOnKernelExceptionWithoutSession(): void
+    {
+        $authException = new AuthenticationException('Unauthorized');
 
         $request = $this->createMock(Request::class);
-        $request->method('getSession')->willReturn($session);
+        $request->method('hasSession')->willReturn(false);
 
         $kernel = $this->createMock(HttpKernelInterface::class);
         $event = new ExceptionEvent(
             $kernel,
             $request,
             HttpKernelInterface::MAIN_REQUEST,
-            $clientException
+            $authException
         );
 
         $loginUrl = '/login';

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ public function login(Request $request): Response`
`49`	`49`	`$authData = $this->apiClient->login($username, $password);`
`50`	`50`	`$request->getSession()->set('auth_token', $authData['key']);`
`51`	`51`	`$request->getSession()->set('auth_expiry_date', $authData['key']);`
	`52`	`+ $request->getSession()->set('auth_id', $authData['id']);`
`52`	`53`
`53`	`54`	`return $this->redirectToRoute('home');`
`54`	`55`	`} catch (Exception $e) {`
`@@ -67,6 +68,8 @@ public function login(Request $request): Response`
`67`	`68`	`public function logout(Request $request): Response`
`68`	`69`	`{`
`69`	`70`	`$request->getSession()->remove('auth_token');`
	`71`	`+ $request->getSession()->remove('auth_id');`
	`72`	`+ $this->apiClient->logout();`
`70`	`73`
`71`	`74`	`return $this->redirectToRoute('login');`
`72`	`75`	`}`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,12 @@ public function onKernelRequest(RequestEvent $event): void`
`37`	`37`	`$authToken = $session->get('auth_token');`
`38`	`38`
`39`	`39`	`if ($authToken) {`
`40`		`- $this->apiClient->setSessionId($authToken);`
	`40`	`+ $this->apiClient->setSessionId((string) $authToken);`
	`41`	`+ }`
	`42`	`+`
	`43`	`+ $authId = $session->get('auth_id');`
	`44`	`+ if ($authId) {`
	`45`	`+ $this->apiClient->setId((int) $authId);`
`41`	`46`	`}`
`42`	`47`	`}`
`43`	`48`	`}`