Merge pull request #288 from Tivix/logout_on_get

Logout on get
This commit is contained in:
Maxim Kukhtenkov 2016-11-30 19:41:14 -08:00 committed by GitHub
commit ebf6a92b17
2 changed files with 6 additions and 13 deletions

View File

@ -13,10 +13,10 @@ Basic
- /rest-auth/logout/ (POST, GET)
.. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth)
- token
.. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET - this is the exact same configuration from allauth. NOT recommended, see: http://django-allauth.readthedocs.io/en/latest/views.html#logout
- /rest-auth/password/reset/ (POST)
- email
@ -37,7 +37,6 @@ Basic
- old_password
- token
.. note:: ``OLD_PASSWORD_FIELD_ENABLED = True`` to use old_password.
.. note:: ``LOGOUT_ON_PASSWORD_CHANGE = False`` to keep the user logged in after password change

View File

@ -12,9 +12,6 @@ from rest_framework.response import Response
from rest_framework.generics import GenericAPIView, RetrieveUpdateAPIView
from rest_framework.permissions import IsAuthenticated, AllowAny
if 'allauth' in settings.INSTALLED_APPS:
from allauth.account import app_settings as allauth_settings
from .app_settings import (
TokenSerializer, UserDetailsSerializer, LoginSerializer,
PasswordResetSerializer, PasswordResetConfirmSerializer,
@ -94,13 +91,10 @@ class LogoutView(APIView):
permission_classes = (AllowAny,)
def get(self, request, *args, **kwargs):
try:
if allauth_settings.LOGOUT_ON_GET:
response = self.logout(request)
else:
response = self.http_method_not_allowed(request, *args, **kwargs)
except Exception as exc:
response = self.handle_exception(exc)
if getattr(settings, 'ACCOUNT_LOGOUT_ON_GET', False):
response = self.logout(request)
else:
response = self.http_method_not_allowed(request, *args, **kwargs)
return self.finalize_response(request, response, *args, **kwargs)