misuzu/public-legacy/auth/logout.php

<?php
namespace Misuzu;

use Misuzu\Auth\AuthTokenCookie;

if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
    die('Script must be called through the Misuzu route dispatcher.');

if($msz->authInfo->loggedIn) {
    if(!CSRF::validateRequest()) {
        Template::render('auth.logout');
        return;
    }

    $tokenInfo = $msz->authInfo->tokenInfo;
    $msz->authCtx->sessions->deleteSessions(sessionTokens: $tokenInfo->sessionToken);

    $tokenBuilder = $tokenInfo->toBuilder();
    $tokenBuilder->removeUserId();
    $tokenBuilder->removeSessionToken();
    $tokenBuilder->removeImpersonatedUserId();

    $tokenInfo = $tokenBuilder->toInfo();
    AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
}

Tools::redirect($msz->urls->format('index'));;
Split auth.php up into multiple files. 2019-03-08 01:35:53 +01:00			`<?php`
Added namespaces to all files in public. 2019-09-29 00:43:51 +02:00			`namespace Misuzu;`

Changed the way msz_auth is handled. Going forward msz_auth is always assumed to be present, even while the user is not logged in. If the cookie is not present a default, empty value will be used. The msz_uid and msz_sid cookies are also still upconverted for some reason but are no longer removed even though there's no active sessions that can possibly have those anymore. As with the previous change, shit may be broken so report any Anomalies you come across, through flashii-issues@flash.moe if necessary. 2023-08-03 01:35:08 +00:00			`use Misuzu\Auth\AuthTokenCookie;`

Fixed PHPstan detections. 2024-12-02 02:28:08 +00:00			`if(!isset($msz) \|\| !($msz instanceof \Misuzu\MisuzuContext))`
			`die('Script must be called through the Misuzu route dispatcher.');`

Merged OAuth2 handling into Misuzu. 2025-02-02 02:09:56 +00:00			`if($msz->authInfo->loggedIn) {`
Changed the way msz_auth is handled. Going forward msz_auth is always assumed to be present, even while the user is not logged in. If the cookie is not present a default, empty value will be used. The msz_uid and msz_sid cookies are also still upconverted for some reason but are no longer removed even though there's no active sessions that can possibly have those anymore. As with the previous change, shit may be broken so report any Anomalies you come across, through flashii-issues@flash.moe if necessary. 2023-08-03 01:35:08 +00:00			`if(!CSRF::validateRequest()) {`
			`Template::render('auth.logout');`
			`return;`
			`}`

Removed getter/setter methods in favour of property hooks and asymmetric visibility. 2024-11-30 04:09:29 +00:00			`$tokenInfo = $msz->authInfo->tokenInfo;`
			`$msz->authCtx->sessions->deleteSessions(sessionTokens: $tokenInfo->sessionToken);`
Changed the way msz_auth is handled. Going forward msz_auth is always assumed to be present, even while the user is not logged in. If the cookie is not present a default, empty value will be used. The msz_uid and msz_sid cookies are also still upconverted for some reason but are no longer removed even though there's no active sessions that can possibly have those anymore. As with the previous change, shit may be broken so report any Anomalies you come across, through flashii-issues@flash.moe if necessary. 2023-08-03 01:35:08 +00:00
			`$tokenBuilder = $tokenInfo->toBuilder();`
			`$tokenBuilder->removeUserId();`
			`$tokenBuilder->removeSessionToken();`
			`$tokenBuilder->removeImpersonatedUserId();`
Split auth.php up into multiple files. 2019-03-08 01:35:53 +01:00
Removed getter/setter methods in favour of property hooks and asymmetric visibility. 2024-11-30 04:09:29 +00:00			`$tokenInfo = $tokenBuilder->toInfo();`
Fixed PHPstan detections. 2024-12-02 02:28:08 +00:00			`AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));`
Split auth.php up into multiple files. 2019-03-08 01:35:53 +01:00			`}`

Removed getter/setter methods in favour of property hooks and asymmetric visibility. 2024-11-30 04:09:29 +00:00			`Tools::redirect($msz->urls->format('index'));;`