/**
* Initiate a logout flow.
+ * Returns the SAML2 request ID, and the URL to redirect the user to.
*
* @throws Error
+ * @returns array{url: string, id: ?string}
*/
public function logout(User $user): array
{
$toolKit = $this->getToolkit();
- $returnRoute = url('/');
+ $sessionIndex = session()->get('saml2_session_index');
+ $returnUrl = url($this->loginService->logout());
try {
$url = $toolKit->logout(
- $returnRoute,
+ $returnUrl,
[],
$user->email,
- session()->get('saml2_session_index'),
+ $sessionIndex,
true,
Constants::NAMEID_EMAIL_ADDRESS
);
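Review bot: The statement order at the top of logout() is load-bearing but undocumented. `$sessionIndex` is read before `$this->loginService->logout()` runs, and the removed `actionLogout()` shows the old local logout invalidated the session, so the new service call presumably does the same; moving the read back inline would then send the IdP a logout request with no session index. A comment such as `// Read before the local logout below, which is expected to invalidate the session holding this value.` would protect the ordering. Because the local logout now runs before the `try`, the rethrow path after this hunk leaves the user logged out of BookStack while the IdP session is untouched, which is worth stating in the docblock if intended. Separately, `@returns` is not a recognised PHPDoc tag, so static analysers will ignore the array shape; it should read `@return array{url: string, id: ?string}`.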
throw $error;
}
- $this->actionLogout();
- $url = '/';
+ $url = $returnUrl;
$id = null;
}
*
* @throws Error
*/
- public function processSlsResponse(?string $requestId): ?string
+ public function processSlsResponse(?string $requestId): string
{
$toolkit = $this->getToolkit();
// value so that the exact encoding format is matched when checking the signature.
// This is primarily due to ADFS encoding query params with lowercase percent encoding while
// PHP (And most other sensible providers) standardise on uppercase.
- $redirect = $toolkit->processSLO(true, $requestId, true, null, true);
+ /** @var ?string $samlRedirect */
+ $samlRedirect = $toolkit->processSLO(true, $requestId, true, null, true);
$errors = $toolkit->getErrors();
if (!empty($errors)) {
);
}
- $this->actionLogout();
+ $defaultBookStackRedirect = $this->loginService->logout();
- return $redirect;
- }
-
- /**
- * Do the required actions to log a user out.
- */
- protected function actionLogout()
- {
- auth()->logout();
- session()->invalidate();
+ return $samlRedirect ?? $defaultBookStackRedirect;
}
/**
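Review bot: The fallback on the new return line mixes two kinds of value. `$samlRedirect` is the URL produced by the toolkit, while `$defaultBookStackRedirect` is the raw result of `$this->loginService->logout()`, which logout() in this same change passes through `url()` before use. If the service returns an app-relative path (not visible here), callers get either an absolute URL or a relative path from a single `string` return; `return $samlRedirect ?? url($defaultBookStackRedirect);` would make the two call sites agree. The method docblock should also state that a toolkit-supplied redirect takes precedence over the application's own post-logout target, and that the local logout only runs after the `getErrors()` check has passed, so that nobody later moves it above that check.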