public function actionLogout()
{
// Throw an error if the user is not logged in.
$user = Yii::$app->user;
$isGuest = Yii::$app->user->isGuest;
// Get the user requesting logout form session if valid.
$logout_user = Oauth2::getSessionLogoutRedirectUser();
// We need either a logout user or an active login to continue.
if (!$logout_user && $isGuest) {
throw new BadRequestHttpException('No active user session.');
}
// If the logout user not set, make it the active user id.
if (!$logout_user) {
$logout_user = $user->id;
}
// If the active user is the same as the user to logout.
$active_user_logout = $user->id === $logout_user;
$model = new LogoutForm();
$model->load(Yii::$app->request->post());
$model->active_user_logout = $active_user_logout;
if ($model->validate()) {
// If a token is set, remove it.
Oauth2::clearSessionLogoutRedirectUser();
// Remember the redirect session data before destroying it.
$sessionRedirect = Oauth2::getSessionLogoutRedirect();
// If the active user is being logged out, actually logout.
if ($active_user_logout) {
// Trigger the actual logout.
$event = $this->getUserEvent(Yii::$app->user->identity);
$this->trigger(self::EVENT_BEFORE_LOGOUT, $event);
Yii::$app->getUser()->logout();
$this->trigger(self::EVENT_AFTER_LOGOUT, $event);
}
// Set the redirect session again after the logout.
Oauth2::setSessionLogoutRedirect($sessionRedirect);
// Create a session token for remembering this ID to logout.
$token = Oauth2::setLogoutSession($logout_user);
// Redirect to logout all the services.
return $this->redirect(['logout-all', 'token' => $token]);
}
return $this->render('@app/views/user/logout/prompt', ['model' => $model]);
}
