From 7fc875a4f5839db3b070024807c8ea2f0f50d288 Mon Sep 17 00:00:00 2001 From: Maxim Kukhtenkov Date: Sun, 27 Nov 2016 03:35:11 -0800 Subject: [PATCH] Change handling for logout on GET MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit + Make it require allauth + Add a note to docs that it’s not a recommended setting --- docs/api_endpoints.rst | 2 +- rest_auth/views.py | 11 ++++------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/docs/api_endpoints.rst b/docs/api_endpoints.rst index 67f8eff..af2cc85 100644 --- a/docs/api_endpoints.rst +++ b/docs/api_endpoints.rst @@ -13,7 +13,7 @@ Basic - /rest-auth/logout/ (POST, GET) - .. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth) + .. note:: (requires allauth) ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET - this is the exact same conf from allauth. NOT recommended, see: http://django-allauth.readthedocs.io/en/latest/views.html#logout - token diff --git a/rest_auth/views.py b/rest_auth/views.py index 310ce0d..54ebee1 100644 --- a/rest_auth/views.py +++ b/rest_auth/views.py @@ -94,13 +94,10 @@ class LogoutView(APIView): permission_classes = (AllowAny,) def get(self, request, *args, **kwargs): - try: - if allauth_settings.LOGOUT_ON_GET: - response = self.logout(request) - else: - response = self.http_method_not_allowed(request, *args, **kwargs) - except Exception as exc: - response = self.handle_exception(exc) + if 'allauth' in settings.INSTALLED_APPS and allauth_settings.LOGOUT_ON_GET: + response = self.logout(request) + else: + response = self.http_method_not_allowed(request, *args, **kwargs) return self.finalize_response(request, response, *args, **kwargs)