/**
 * Handle a logout request, either finishing a token-based logout or sending
 * the browser to the configured SingleSO logout URL.
 *
 * A truthy `token` query parameter hands the request straight to
 * createLogoutTokenResponse(). Otherwise a session state value is created
 * (carrying the optional `redirect` query parameter) and the browser is
 * redirected to the logout URL with client_id, redirect_uri and state, plus a
 * logout token when the session's user has a singleso_id.
 *
 * @param Request $request
 * @throws SingleSOException
 * @return \Psr\Http\Message\ResponseInterface|RedirectResponse|JsonResponse|JsonpResponse
 */
public function handleLogout(Request $request)
{
    // Load settings or fail.
    $config = SingleSO::settingsAuth($this->settings, true);

    // A logout token on the query string means this is the token-based
    // logout call, which is delegated entirely to its own handler.
    // This is a truthiness test, so an empty or "0" value falls through
    // to the redirect flow below.
    $query = $request->getQueryParams();
    $hasLogoutToken = (bool) array_get($query, 'token');
    if ($hasLogoutToken) {
        return $this->createLogoutTokenResponse($request);
    }

    // Without a logout URL there is nowhere to send the browser.
    $logoutEndpoint = $config['logout_url'];
    if (!$logoutEndpoint) {
        throw new SingleSOException(['Not configured for logout.']);
    }

    // Caller-supplied redirect target, taken from the query string as-is.
    // NOTE(review): no validation happens in this method; confirm that the
    // code consuming the stored state restricts where it will redirect to.
    $returnTo = array_get($query, 'redirect');

    // Setup state with a random token, add redirect if specified.
    $session = $request->getAttribute('session');
    $state = $this->sessionStateCreate($session, $returnTo);

    // Parameters appended to the logout URL.
    $ssoParams = [
        'client_id' => $config['client_id'],
        'redirect_uri' => $this->getRedirectURI(),
        'state' => $state,
    ];

    // Resolve the Flarum user from the session, if there is one.
    $user_id = null;
    if ($session) {
        $user_id = $session->get('user_id');
    }
    $user = null;
    if ($user_id) {
        $user = User::find($user_id);
    }

    // For a managed user, create and add a logout token so logout still
    // works even if the main session is lost. The token is built from the
    // user's singleso_id and the client secret and travels in the URL query.
    // NOTE(review): query-string values can end up in server logs and
    // browser history; confirm the token is short-lived or single-use.
    if ($user && isset($user->singleso_id)) {
        $ssoParams['token'] = SingleSO::logoutTokenCreate(
            $user->singleso_id,
            $config['client_secret']
        );
    }

    // Redirect to logout URL.
    $target = SingleSO::addParams($logoutEndpoint, $ssoParams);

    return new RedirectResponse($target);
}