mirror of
https://github.com/Tivix/django-rest-auth.git
synced 2024-11-22 09:06:40 +03:00
Allow logout on GET
This commit is contained in:
parent
c087899311
commit
70a4dc9a13
|
@ -11,7 +11,9 @@ Basic
|
|||
- password (string)
|
||||
|
||||
|
||||
- /rest-auth/logout/ (POST)
|
||||
- /rest-auth/logout/ (POST, GET)
|
||||
|
||||
.. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth)
|
||||
|
||||
- /rest-auth/password/reset/ (POST)
|
||||
|
||||
|
|
|
@ -372,3 +372,29 @@ class APITestCase1(TestCase, BaseAPITestCase):
|
|||
# try to login again
|
||||
self._login()
|
||||
self._logout()
|
||||
|
||||
@override_settings(ACCOUNT_LOGOUT_ON_GET=True)
|
||||
def test_logout_on_get(self):
|
||||
payload = {
|
||||
"username": self.USERNAME,
|
||||
"password": self.PASS
|
||||
}
|
||||
|
||||
# create user
|
||||
user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
|
||||
|
||||
self.post(self.login_url, data=payload, status_code=200)
|
||||
self.get(self.logout_url, status=status.HTTP_200_OK)
|
||||
|
||||
@override_settings(ACCOUNT_LOGOUT_ON_GET=False)
|
||||
def test_logout_on_post_only(self):
|
||||
payload = {
|
||||
"username": self.USERNAME,
|
||||
"password": self.PASS
|
||||
}
|
||||
|
||||
# create user
|
||||
user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
|
||||
|
||||
self.post(self.login_url, data=payload, status_code=status.HTTP_200_OK)
|
||||
self.get(self.logout_url, status_code=status.HTTP_405_METHOD_NOT_ALLOWED)
|
||||
|
|
|
@ -9,6 +9,8 @@ from rest_framework.generics import GenericAPIView
|
|||
from rest_framework.permissions import IsAuthenticated, AllowAny
|
||||
from rest_framework.generics import RetrieveUpdateAPIView
|
||||
|
||||
from allauth.account import app_settings as allauth_settings
|
||||
|
||||
from .app_settings import (
|
||||
TokenSerializer, UserDetailsSerializer, LoginSerializer,
|
||||
PasswordResetSerializer, PasswordResetConfirmSerializer,
|
||||
|
@ -61,7 +63,23 @@ class LogoutView(APIView):
|
|||
"""
|
||||
permission_classes = (AllowAny,)
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
try:
|
||||
if allauth_settings.LOGOUT_ON_GET:
|
||||
response = self.logout(request)
|
||||
else:
|
||||
response = self.http_method_not_allowed(request, *args, **kwargs)
|
||||
except Exception as exc:
|
||||
response = self.handle_exception(exc)
|
||||
|
||||
return self.finalize_response(request, response, *args, **kwargs)
|
||||
self.response = self.finalize_response(request, response, *args, **kwargs)
|
||||
return self.response
|
||||
|
||||
def post(self, request):
|
||||
return self.logout(request)
|
||||
|
||||
def logout(self, request):
|
||||
try:
|
||||
request.user.auth_token.delete()
|
||||
except (AttributeError, ObjectDoesNotExist):
|
||||
|
|
Loading…
Reference in New Issue
Block a user