-rw-r--r--Core/Exception/LogoutException.php25
-rw-r--r--Http/Firewall/ExceptionListener.php9
-rw-r--r--Http/Firewall/LogoutListener.php4
3 files changed, 36 insertions, 2 deletions
diff --git a/Core/Exception/LogoutException.php b/Core/Exception/LogoutException.php
new file mode 100644
index 0000000..2bb954f
--- /dev/null
+++ b/Core/Exception/LogoutException.php
@@ -0,0 +1,25 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Exception;
+
+/**
+ * LogoutException is thrown when the account cannot be logged out.
+ *
+ * @author Jeremy Mikola <jmikola@gmail.com>
+ */
+class LogoutException extends \RuntimeException
+{
+ public function __construct($message = 'Logout Exception', \Exception $previous = null)
+ {
+ parent::__construct($message, 403, $previous);
+ }
+}
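Review bot: The constructor fixes the exception code at `403` with no docblock, so nothing states that the code mirrors the HTTP status or that callers cannot change it. A short docblock on `__construct` describing `$message`, `$previous` and the fixed code would cover this. The class summary could also read `LogoutException is thrown when a logout request is rejected.`, since the only thrower in this commit (LogoutListener) raises it for an invalid CSRF token rather than for an account condition.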
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index 674c648..0996ab2 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -20,6 +20,7 @@ use Symfony\Component\Security\Core\Exception\AccountStatusException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException;
+use Symfony\Component\Security\Core\Exception\LogoutException;
use Symfony\Component\Security\Http\HttpUtils;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
@@ -140,6 +141,14 @@ class ExceptionListener
return;
}
}
+ } elseif ($exception instanceof LogoutException) {
+ if (null !== $this->logger) {
+ $this->logger->info(sprintf('Logout exception occurred; wrapping with AccessDeniedHttpException (%s)', $exception->getMessage()));
+ }
+
+ $event->setException(new AccessDeniedHttpException($exception->getMessage(), $exception));
+
+ return;
} else {
return;
}
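Review bot: In the new `elseif ($exception instanceof LogoutException)` branch, `$exception->getMessage()` is copied unchanged into the `AccessDeniedHttpException`, so the text of every LogoutException becomes part of the HTTP-facing error. Whether it is rendered to the client depends on error-page code outside this hunk. A comment above the `setException` call would record that contract: `// The message is forwarded to the HTTP exception as-is; LogoutException messages must stay generic.` The rejection is also logged only at info level and without any request context, so failed logout CSRF checks may be missing from production logs if those are filtered by level. The enclosing method starts and ends outside the hunk.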
diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php
index f4d0b2c..59172dc 100644
--- a/Http/Firewall/LogoutListener.php
+++ b/Http/Firewall/LogoutListener.php
@@ -16,7 +16,7 @@ use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Security\Core\SecurityContextInterface;
-use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
+use Symfony\Component\Security\Core\Exception\LogoutException;
use Symfony\Component\Security\Http\HttpUtils;
use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
@@ -91,7 +91,7 @@ class LogoutListener implements ListenerInterface
$csrfToken = $request->get($this->options['csrf_parameter'], null, true);
if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
- throw new InvalidCsrfTokenException('Invalid CSRF token.');
+ throw new LogoutException('Invalid CSRF token.');
}
}
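Review bot: The guard above the changed `throw` rejects the request only when `isCsrfTokenValid()` returns exactly `false`, so a provider that returns `null` or `0` for a bad token would let the logout proceed. The provider's return contract is not visible in this hunk. Failing closed is safer: `if (!$this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {`. The enclosing method and the outer block start outside the hunk.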