Single endpoint for logout

Remove `assert` from `logout()`
(There is still one in `two_factor_verify_password()`)

flask_security/views.py

@@ -197,7 +197,7 @@ def login():
         )
 
 
-def logout():
+def logout_without_form():
     """View function which handles a logout request."""
     tf_clean_session()
 
@@ -216,15 +216,22 @@ def logout_with_form():
     form = _security.logout_form(request.form)
 
     if form.validate_on_submit():
-        response = logout()
-        assert not current_user.is_authenticated
+        response = logout_without_form()
         return response
 
     return _security.render_template(
         config_value("LOGOUT_USER_TEMPLATE"), logout_user_form=form, **_ctx("logout")
     )
 
 
+def logout():
+    """View function which handles a logout request."""
+    if _security.logout_form:
+        return logout_with_form()
+
+    return logout_without_form()
+
+
 @anonymous_user_required
 def register():
     """View function which handles a registration request."""
@@ -1032,12 +1039,7 @@ def create_blueprint(state, import_name, json_encoder=None):
     if json_encoder:
         bp.json_encoder = json_encoder
 
-    if state.logout_form:
-        bp.route(state.logout_url, methods=["GET", "POST"], endpoint="logout")(
-            logout_with_form
-        )
-    else:
-        bp.route(state.logout_url, methods=["GET", "POST"], endpoint="logout")(logout)
+    bp.route(state.logout_url, methods=["GET", "POST"], endpoint="logout")(logout)
 
     if state.passwordless:
         bp.route(state.login_url, methods=["GET", "POST"], endpoint="login")(send_login)