Merge pull request #288 from Tivix/logout_on_get

Logout on get

docs/api_endpoints.rst

@@ -13,10 +13,10 @@ Basic
 
 - /rest-auth/logout/ (POST, GET)
 
-    .. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth)
-
     - token
 
+    .. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET - this is the exact same configuration from allauth. NOT recommended, see: http://django-allauth.readthedocs.io/en/latest/views.html#logout
+
 - /rest-auth/password/reset/ (POST)
 
     - email
@@ -37,7 +37,6 @@ Basic
     - old_password
     - token
 
-
     .. note:: ``OLD_PASSWORD_FIELD_ENABLED = True`` to use old_password.
     .. note:: ``LOGOUT_ON_PASSWORD_CHANGE = False`` to keep the user logged in after password change
 

rest_auth/views.py

@@ -12,9 +12,6 @@ from rest_framework.response import Response
 from rest_framework.generics import GenericAPIView, RetrieveUpdateAPIView
 from rest_framework.permissions import IsAuthenticated, AllowAny
 
-if 'allauth' in settings.INSTALLED_APPS:
-    from allauth.account import app_settings as allauth_settings
-
 from .app_settings import (
     TokenSerializer, UserDetailsSerializer, LoginSerializer,
     PasswordResetSerializer, PasswordResetConfirmSerializer,
@@ -94,13 +91,10 @@ class LogoutView(APIView):
     permission_classes = (AllowAny,)
 
     def get(self, request, *args, **kwargs):
-        try:
+        if getattr(settings, 'ACCOUNT_LOGOUT_ON_GET', False):
-            if allauth_settings.LOGOUT_ON_GET:
+            response = self.logout(request)
-                response = self.logout(request)
+        else:
-            else:
+            response = self.http_method_not_allowed(request, *args, **kwargs)
-                response = self.http_method_not_allowed(request, *args, **kwargs)
-        except Exception as exc:
-            response = self.handle_exception(exc)
 
         return self.finalize_response(request, response, *args, **kwargs)