Merge pull request #58196 from nextcloud/backport/58059/stable30

AndyScherzinger · web-flow · commit 1a17aa0f07c5 · 2026-02-09T12:33:23.000+01:00
[stable30] fix: add X-User-Id header to logout response
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
@@ -75,8 +75,9 @@ public function __construct(
 	#[FrontpageRoute(verb: 'GET', url: '/logout')]
 	public function logout() {
 		$loginToken = $this->request->getCookie('nc_token');
-		if (!is_null($loginToken)) {
-			$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
+		$uid = $this->userSession->getUser()?->getUID();
+		if ($loginToken !== null && $uid !== null) {
+			$this->config->deleteUserValue($uid, 'login_token', $loginToken);
 		}
 		$this->userSession->logout();
 
@@ -95,6 +96,10 @@ public function logout() {
 			$response->addHeader('Clear-Site-Data', '"cache", "storage"');
 		}
 
+		if ($uid !== null) {
+			$response->addHeader('X-User-Id', $uid);
+		}
+
 		return $response;
 	}
 
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
@@ -213,6 +213,7 @@ public function testLogoutWithToken() {
 
 		$expected = new RedirectResponse('/login');
 		$expected->addHeader('Clear-Site-Data', '"cache", "storage"');
+		$expected->addHeader('X-User-Id', 'JohnDoe');
 		$this->assertEquals($expected, $this->loginController->logout());
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -75,8 +75,9 @@ public function __construct(`
`75`	`75`	`#[FrontpageRoute(verb: 'GET', url: '/logout')]`
`76`	`76`	`public function logout() {`
`77`	`77`	`$loginToken = $this->request->getCookie('nc_token');`
`78`		`- if (!is_null($loginToken)) {`
`79`		`- $this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);`
	`78`	`+ $uid = $this->userSession->getUser()?->getUID();`
	`79`	`+ if ($loginToken !== null && $uid !== null) {`
	`80`	`+ $this->config->deleteUserValue($uid, 'login_token', $loginToken);`
`80`	`81`	`}`
`81`	`82`	`$this->userSession->logout();`
`82`	`83`
`@@ -95,6 +96,10 @@ public function logout() {`
`95`	`96`	`$response->addHeader('Clear-Site-Data', '"cache", "storage"');`
`96`	`97`	`}`
`97`	`98`
	`99`	`+ if ($uid !== null) {`
	`100`	`+ $response->addHeader('X-User-Id', $uid);`
	`101`	`+ }`
	`102`	`+`
`98`	`103`	`return $response;`
`99`	`104`	`}`
`100`	`105`
Original file line number	Diff line number	Diff line change
`@@ -213,6 +213,7 @@ public function testLogoutWithToken() {`
`213`	`213`
`214`	`214`	`$expected = new RedirectResponse('/login');`
`215`	`215`	`$expected->addHeader('Clear-Site-Data', '"cache", "storage"');`
	`216`	`+ $expected->addHeader('X-User-Id', 'JohnDoe');`
`216`	`217`	`$this->assertEquals($expected, $this->loginController->logout());`
`217`	`218`	`}`
`218`	`219`