From 70a4dc9a13af6ecb1cd99681f056a05c0c780c84 Mon Sep 17 00:00:00 2001
From: Mateus Caruccio <mateus.caruccio@getupcloud.com>
Date: Sat, 9 Jan 2016 01:11:35 -0200
Subject: [PATCH] Allow logout on GET

---
 docs/api_endpoints.rst      |  4 +++-
 rest_auth/tests/test_api.py | 26 ++++++++++++++++++++++++++
 rest_auth/views.py          | 18 ++++++++++++++++++
 3 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/docs/api_endpoints.rst b/docs/api_endpoints.rst
index 1f9660f..2ff23d2 100644
--- a/docs/api_endpoints.rst
+++ b/docs/api_endpoints.rst
@@ -11,7 +11,9 @@ Basic
     - password (string)
 
 
-- /rest-auth/logout/ (POST)
+- /rest-auth/logout/ (POST, GET)
+
+    .. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth)
 
 - /rest-auth/password/reset/ (POST)
 
diff --git a/rest_auth/tests/test_api.py b/rest_auth/tests/test_api.py
index 222b3a7..63a941c 100644
--- a/rest_auth/tests/test_api.py
+++ b/rest_auth/tests/test_api.py
@@ -372,3 +372,29 @@ class APITestCase1(TestCase, BaseAPITestCase):
         # try to login again
         self._login()
         self._logout()
+
+    @override_settings(ACCOUNT_LOGOUT_ON_GET=True)
+    def test_logout_on_get(self):
+        payload = {
+            "username": self.USERNAME,
+            "password": self.PASS
+        }
+
+        # create user
+        user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
+
+        self.post(self.login_url, data=payload, status_code=200)
+        self.get(self.logout_url, status=status.HTTP_200_OK)
+
+    @override_settings(ACCOUNT_LOGOUT_ON_GET=False)
+    def test_logout_on_post_only(self):
+        payload = {
+            "username": self.USERNAME,
+            "password": self.PASS
+        }
+
+        # create user
+        user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
+
+        self.post(self.login_url, data=payload, status_code=status.HTTP_200_OK)
+        self.get(self.logout_url, status_code=status.HTTP_405_METHOD_NOT_ALLOWED)
diff --git a/rest_auth/views.py b/rest_auth/views.py
index 3bb6f6b..6f2ce99 100644
--- a/rest_auth/views.py
+++ b/rest_auth/views.py
@@ -9,6 +9,8 @@ from rest_framework.generics import GenericAPIView
 from rest_framework.permissions import IsAuthenticated, AllowAny
 from rest_framework.generics import RetrieveUpdateAPIView
 
+from allauth.account import app_settings as allauth_settings
+
 from .app_settings import (
     TokenSerializer, UserDetailsSerializer, LoginSerializer,
     PasswordResetSerializer, PasswordResetConfirmSerializer,
@@ -61,7 +63,23 @@ class LogoutView(APIView):
     """
     permission_classes = (AllowAny,)
 
+    def get(self, request, *args, **kwargs):
+        try:
+            if allauth_settings.LOGOUT_ON_GET:
+                response = self.logout(request)
+            else:
+                response = self.http_method_not_allowed(request, *args, **kwargs)
+        except Exception as exc:
+            response = self.handle_exception(exc)
+
+        return self.finalize_response(request, response, *args, **kwargs)
+        self.response = self.finalize_response(request, response, *args, **kwargs)
+        return self.response
+
     def post(self, request):
+        return self.logout(request)
+
+    def logout(self, request):
         try:
             request.user.auth_token.delete()
         except (AttributeError, ObjectDoesNotExist):