/**
* @param Request $request
* @throws SingleSOException
* @return \Psr\Http\Message\ResponseInterface|RedirectResponse|JsonResponse|JsonpResponse
*/
public function handleLogout(Request $request)
{
// Load settings or fail.
$authSettings = SingleSO::settingsAuth($this->settings, true);
// Check for the logout token parameter, if present handle logout.
$params = $request->getQueryParams();
if (array_get($params, 'token')) {
return $this->createLogoutTokenResponse($request);
}
// Sanity check for the logout URL.
$logout_url = $authSettings['logout_url'];
if (!$logout_url) {
throw new SingleSOException(['Not configured for logout.']);
}
// Get any supplied redirect.
$redirect = array_get($params, 'redirect');
// Setup state with a random token, add redirect if specified.
$session = $request->getAttribute('session');
$state = $this->sessionStateCreate($session, $redirect);
// Create the redirect parameters.
$ssoParams = ['client_id' => $authSettings['client_id'], 'redirect_uri' => $this->getRedirectURI(), 'state' => $state];
// Get the Flarum user if authenticated.
// If a managed user, create and add token.
// This will enable logout even if main session is lost.
$user_id = $session ? $session->get('user_id') : null;
$user = $user_id ? User::find($user_id) : null;
if ($user && isset($user->singleso_id)) {
$ssoParams['token'] = SingleSO::logoutTokenCreate($user->singleso_id, $authSettings['client_secret']);
}
// Redirect to logout URL.
return new RedirectResponse(SingleSO::addParams($logout_url, $ssoParams));
}
