Change handling for logout on GET

+ Make it require allauth
+ Add a note to docs that it’s not a recommended setting
This commit is contained in:
Maxim Kukhtenkov 2016-11-27 03:35:11 -08:00
parent 667e70c40f
commit 7fc875a4f5
2 changed files with 5 additions and 8 deletions

View File

@ -13,7 +13,7 @@ Basic
- /rest-auth/logout/ (POST, GET)
.. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth)
.. note:: (requires allauth) ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET - this is the exact same conf from allauth. NOT recommended, see: http://django-allauth.readthedocs.io/en/latest/views.html#logout
- token

View File

@ -94,13 +94,10 @@ class LogoutView(APIView):
permission_classes = (AllowAny,)
def get(self, request, *args, **kwargs):
try:
if allauth_settings.LOGOUT_ON_GET:
response = self.logout(request)
else:
response = self.http_method_not_allowed(request, *args, **kwargs)
except Exception as exc:
response = self.handle_exception(exc)
if 'allauth' in settings.INSTALLED_APPS and allauth_settings.LOGOUT_ON_GET:
response = self.logout(request)
else:
response = self.http_method_not_allowed(request, *args, **kwargs)
return self.finalize_response(request, response, *args, **kwargs)