1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.csrf.internal

File CSRFTokenInvalidator.java

 

Coverage histogram

64% of files have more coverage


Classes

Class Line # Actions
CSRFTokenInvalidator 47 3 0% 3 2
66.7%
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.csrf.internal;
21   
22    import java.util.Collections;
23    import java.util.List;
24   
25    import javax.inject.Inject;
26    import javax.inject.Named;
27    import javax.inject.Singleton;
28   
29    import org.xwiki.bridge.event.ActionExecutingEvent;
30    import org.xwiki.component.annotation.Component;
31    import org.xwiki.csrf.CSRFToken;
32    import org.xwiki.observation.EventListener;
33    import org.xwiki.observation.event.Event;
34   
/**
 * {@link EventListener} which clears the CSRF token of the current user whenever a {@code /logout/} action occurs.
 * <p>
 * The listener subscribes to a single {@link ActionExecutingEvent} for the {@code logout} action and, when notified,
 * delegates to {@link CSRFToken#clearToken()}. The event, source and data passed to the listener are not inspected.
 *
 * @version $Id: a4bd1849a2ead6128864ebc6138be434f2061a57 $
 * @since 4.0M1
 */
// FIXME This is currently disabled because at the time this event is sent, the user has already been removed from the
// context, so we're messing things up for guests.
// NOTE(review): presumably the listener is kept out of service through staticRegistration = false below; confirm.
// While it stays disabled, this class does not clear any token at logout. Whether the token is invalidated by some
// other code path cannot be determined from this file and should be verified before relying on logout to retire it.
@Component(staticRegistration = false)
@Named("csrf-token-invalidator")
@Singleton
public class CSRFTokenInvalidator implements EventListener
{
    /** Name of the action this listener watches for. */
    private static final String LOGOUT_ACTION = "logout";

    /** Name reported by {@link #getName()}; same value as the {@code @Named} hint on the class. */
    private static final String LISTENER_NAME = "csrf-token-invalidator";

    /** CSRF token manager used to clear the token. */
    @Inject
    private CSRFToken tokenManager;

    /**
     * @return a one-element list holding the {@link ActionExecutingEvent} for the {@code logout} action
     */
    @Override
    public List<Event> getEvents()
    {
        Event logoutEvent = new ActionExecutingEvent(LOGOUT_ACTION);
        return Collections.singletonList(logoutEvent);
    }

    /**
     * @return the fixed name of this listener
     */
    @Override
    public String getName()
    {
        return LISTENER_NAME;
    }

    /**
     * Clears the token through the injected token manager. None of the arguments is read, so the token that gets
     * cleared is whichever one {@link CSRFToken#clearToken()} resolves for the current context (see the FIXME on the
     * class: by the time the event arrives this may be the guest's token rather than that of the departing user).
     *
     * @param event the event that triggered the notification (unused)
     * @param source the event source (unused)
     * @param data additional event data (unused)
     */
    @Override
    public void onEvent(Event event, Object source, Object data)
    {
        this.tokenManager.clearToken();
    }
}