forget() public method

public forget ( Psr\Http\Message\ResponseInterface $response )
$response Psr\Http\Message\ResponseInterface
Ejemplo n.º 1
 /**
  * @param Request $request
  * @return \Psr\Http\Message\ResponseInterface
  * @throws TokenMismatchException
  */
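 public function handle(Request $request)
 {
     // Log out the user bound to the request's session: verify the CSRF token,
     // end the session login, delete the user's access tokens, fire
     // UserLoggedOut and pass the redirect through the rememberer's forget().
     // When the session maps to no user, the plain redirect is returned.
     $session = $request->getAttribute('session');
     $response = new RedirectResponse($this->app->url());

     $user = User::find($session->get('user_id'));
     if (!$user) {
         return $response;
     }

     // The token is read from the query string, so it is attacker-controlled
     // and may be missing or an array (e.g. token[]=x).
     // NOTE(review): a token carried in the URL can end up in access logs,
     // browser history and Referer headers; confirm this is acceptable here.
     $provided = array_get($request->getQueryParams(), 'token');
     $expected = $session->get('csrf_token');

     // Fail closed. The previous `!==` check accepted the request when both
     // values were null (no token stored, none sent) and compared the secret
     // with a non-constant-time operator. Require two non-empty strings and
     // compare them with hash_equals().
     $tokenOk = is_string($provided)
         && is_string($expected)
         && $expected !== ''
         && hash_equals($expected, $provided);

     if (!$tokenOk) {
         throw new TokenMismatchException();
     }

     $this->authenticator->logOut($session);
     // Revoke API access tokens as well, so the logout is not limited to the
     // browser session.
     $user->accessTokens()->delete();
     $this->events->fire(new UserLoggedOut($user));

     return $this->rememberer->forget($response);
 }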
 /**
  * @param Request $request
  * @throws SingleSOException
  * @return \Psr\Http\Message\ResponseInterface|JsonResponse|JsonpResponse
  */
 public function createLogoutTokenResponse(Request $request)
 {
     // Token-driven logout endpoint: answers with JSON (or JSONP when a
     // `callback` query parameter is present) carrying a `success` flag, and
     // logs the session user out only after the logout token verifies.
     //   success =  1  user was logged out
     //   success =  0  managed user present but logout refused (see `message`)
     //   success = -1  no managed user on this session
     // NOTE(review): a JSONP reply can be read by any page that includes it,
     // so the 0 / -1 distinction is visible cross-origin - confirm intended.
     $query = $request->getQueryParams();
     $session = $request->getAttribute('session');

     // Resolve the Flarum user behind the session, if there is one.
     $userId = $session ? $session->get('user_id') : null;
     $user = $userId ? User::find($userId) : null;

     // Start from "nobody to log out"; refined below for managed users.
     $success = -1;
     $message = null;
     $logout = false;

     if ($user && isset($user->singleso_id)) {
         $success = 0;
         $authSettings = SingleSO::settingsAuth($this->settings, false);

         if (!$authSettings) {
             $message = 'Invalid configuration.';
         } elseif (SingleSO::logoutTokenVerify($user->singleso_id, $authSettings['client_secret'], array_get($query, 'token'))) {
             // NOTE(review): `token` is untrusted query input and may be null
             // or an array; logoutTokenVerify() is defined elsewhere - confirm
             // it rejects those and compares in constant time.
             $logout = true;
             $success = 1;
         } else {
             $message = 'Invalid token.';
         }
     }

     // Assemble the payload; `message` is included only when one was set.
     $responseData = ['success' => $success];
     if ($message) {
         $responseData['message'] = $message;
     }

     // Build the response before touching the session, so a rejected
     // callback aborts the request without logging anyone out.
     $callback = array_get($query, 'callback');
     try {
         if ($callback) {
             $response = new JsonpResponse($responseData, $callback);
         } else {
             $response = new JsonResponse($responseData);
         }
     } catch (InvalidArgumentException $ex) {
         // Re-raise as the extension's own exception type.
         throw new SingleSOException([$ex->getMessage() . '.']);
     }

     if (!$logout) {
         return $response;
     }

     // Capture the state before logOut() runs so it can be put back afterwards.
     $sessionData = $this->sessionStateGet($session);

     // Perform the actual logout.
     $this->authenticator->logOut($session);
     $user->accessTokens()->delete();
     $this->events->fire(new UserLoggedOut($user));
     $response = $this->rememberer->forget($response);

     // Restore the captured state on the session if there was any.
     if ($sessionData) {
         $this->sessionStateSet($session, $sessionData);
     }

     return $response;
 }