/*
* See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.xwiki.csrf.internal;
import java.util.Collections;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.xwiki.bridge.event.ActionExecutingEvent;
import org.xwiki.component.annotation.Component;
import org.xwiki.csrf.CSRFToken;
import org.xwiki.observation.EventListener;
import org.xwiki.observation.event.Event;
/**
* {@link EventListener} which will invalidate the CSRF token for the current user whenever a {@code /logout/} action
* occurs.
*
* @version $Id: a4bd1849a2ead6128864ebc6138be434f2061a57 $
* @since 4.0M1
*/
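// FIXME This listener is currently disabled (see staticRegistration = false below): at the time the logout event is
// sent, the user has already been removed from the context, so clearing the token here messes things up for guests
// instead of invalidating the token of the user who logged out.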
@Component(staticRegistration = false)
@Named("csrf-token-invalidator")
@Singleton
public class CSRFTokenInvalidator implements EventListener
{
    /** Name of the action whose execution this listener subscribes to. */
    private static final String LOGOUT_ACTION = "logout";

    /** Name reported by {@link #getName()}. */
    private static final String LISTENER_NAME = "csrf-token-invalidator";

    /** Injected token manager; its {@code clearToken()} is the only operation this listener performs. */
    @Inject
    private CSRFToken tokenManager;

    /**
     * Lists the events this listener wants to receive.
     *
     * @return a single-element list holding an {@link ActionExecutingEvent} built for the {@code logout} action
     */
    @Override
    public List<Event> getEvents()
    {
        Event logoutExecuting = new ActionExecutingEvent(LOGOUT_ACTION);
        return Collections.singletonList(logoutExecuting);
    }

    /**
     * @return the fixed name of this listener, {@code csrf-token-invalidator}
     */
    @Override
    public String getName()
    {
        return LISTENER_NAME;
    }

    /**
     * Clears the CSRF token through the injected token manager. None of the arguments is inspected, so every
     * event delivered to this listener results in the same call.
     *
     * @param event the received event (unused)
     * @param source the event source (unused)
     * @param data additional event data (unused)
     */
    @Override
    public void onEvent(Event event, Object source, Object data)
    {
        // NOTE(review): per the FIXME on this class, the user has already been removed from the context when this
        // event is sent, so this call presumably clears a guest's token rather than the token of the user who
        // logged out - confirm before enabling the listener.
        tokenManager.clearToken();
    }
}