Allow logout on GET

Mateus Caruccio 2016-01-09 01:11:35 -02:00
parent c087899311
commit 70a4dc9a13
3 changed files with 47 additions and 1 deletions


@ -11,7 +11,9 @@ Basic
- password (string)
- /rest-auth/logout/ (POST)
- /rest-auth/logout/ (POST, GET)
.. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth)
- /rest-auth/password/reset/ (POST)


@ -372,3 +372,29 @@ class APITestCase1(TestCase, BaseAPITestCase):
# try to login again
self._login()
self._logout()
@override_settings(ACCOUNT_LOGOUT_ON_GET=True)
def test_logout_on_get(self):
payload = {
"username": self.USERNAME,
"password": self.PASS
}
# create user
user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
self.post(self.login_url, data=payload, status_code=200)
self.get(self.logout_url, status=status.HTTP_200_OK)
@override_settings(ACCOUNT_LOGOUT_ON_GET=False)
def test_logout_on_post_only(self):
payload = {
"username": self.USERNAME,
"password": self.PASS
}
# create user
user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
self.post(self.login_url, data=payload, status_code=status.HTTP_200_OK)
self.get(self.logout_url, status_code=status.HTTP_405_METHOD_NOT_ALLOWED)
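Review bot: In `test_logout_on_get` the last call passes `status=status.HTTP_200_OK`, while every other request in these two tests passes `status_code=`. The test helper is not shown here, but if it only inspects `status_code`, the GET logout response is never asserted; the line should read `self.get(self.logout_url, status_code=status.HTTP_200_OK)`. Neither test checks the effect on credentials, only the HTTP status, so a GET that returns 200 without deleting the token, or a 405 path that deletes it anyway, would still pass. Asserting after each request that the user's token row is gone (GET enabled) or still present (GET disabled) would pin the behaviour that matters for a state-changing GET. The `user = ...` assignment is unused in both tests and can be dropped.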


@ -9,6 +9,8 @@ from rest_framework.generics import GenericAPIView
from rest_framework.permissions import IsAuthenticated, AllowAny
from rest_framework.generics import RetrieveUpdateAPIView
from allauth.account import app_settings as allauth_settings
from .app_settings import (
TokenSerializer, UserDetailsSerializer, LoginSerializer,
PasswordResetSerializer, PasswordResetConfirmSerializer,
@ -61,7 +63,23 @@ class LogoutView(APIView):
"""
permission_classes = (AllowAny,)
def get(self, request, *args, **kwargs):
try:
if allauth_settings.LOGOUT_ON_GET:
response = self.logout(request)
else:
response = self.http_method_not_allowed(request, *args, **kwargs)
except Exception as exc:
response = self.handle_exception(exc)
return self.finalize_response(request, response, *args, **kwargs)
self.response = self.finalize_response(request, response, *args, **kwargs)
return self.response
def post(self, request):
return self.logout(request)
def logout(self, request):
try:
request.user.auth_token.delete()
except (AttributeError, ObjectDoesNotExist):