mirror of
https://github.com/Tivix/django-rest-auth.git
synced 2024-11-22 17:16:34 +03:00
Merge pull request #152 from caruccio/logout-on-get
Allow logout on GET
This commit is contained in:
commit
ef56efc0c8
|
@ -11,7 +11,9 @@ Basic
|
||||||
- password (string)
|
- password (string)
|
||||||
|
|
||||||
|
|
||||||
- /rest-auth/logout/ (POST)
|
- /rest-auth/logout/ (POST, GET)
|
||||||
|
|
||||||
|
.. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth)
|
||||||
|
|
||||||
- token
|
- token
|
||||||
|
|
||||||
|
|
|
@ -378,3 +378,29 @@ class APITestCase1(TestCase, BaseAPITestCase):
|
||||||
# try to login again
|
# try to login again
|
||||||
self._login()
|
self._login()
|
||||||
self._logout()
|
self._logout()
|
||||||
|
|
||||||
|
@override_settings(ACCOUNT_LOGOUT_ON_GET=True)
|
||||||
|
def test_logout_on_get(self):
|
||||||
|
payload = {
|
||||||
|
"username": self.USERNAME,
|
||||||
|
"password": self.PASS
|
||||||
|
}
|
||||||
|
|
||||||
|
# create user
|
||||||
|
user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
|
||||||
|
|
||||||
|
self.post(self.login_url, data=payload, status_code=200)
|
||||||
|
self.get(self.logout_url, status=status.HTTP_200_OK)
|
||||||
|
|
||||||
|
@override_settings(ACCOUNT_LOGOUT_ON_GET=False)
|
||||||
|
def test_logout_on_post_only(self):
|
||||||
|
payload = {
|
||||||
|
"username": self.USERNAME,
|
||||||
|
"password": self.PASS
|
||||||
|
}
|
||||||
|
|
||||||
|
# create user
|
||||||
|
user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
|
||||||
|
|
||||||
|
self.post(self.login_url, data=payload, status_code=status.HTTP_200_OK)
|
||||||
|
self.get(self.logout_url, status_code=status.HTTP_405_METHOD_NOT_ALLOWED)
|
||||||
|
|
|
@ -10,6 +10,8 @@ from rest_framework.generics import GenericAPIView
|
||||||
from rest_framework.permissions import IsAuthenticated, AllowAny
|
from rest_framework.permissions import IsAuthenticated, AllowAny
|
||||||
from rest_framework.generics import RetrieveUpdateAPIView
|
from rest_framework.generics import RetrieveUpdateAPIView
|
||||||
|
|
||||||
|
from allauth.account import app_settings as allauth_settings
|
||||||
|
|
||||||
from .app_settings import (
|
from .app_settings import (
|
||||||
TokenSerializer, UserDetailsSerializer, LoginSerializer,
|
TokenSerializer, UserDetailsSerializer, LoginSerializer,
|
||||||
PasswordResetSerializer, PasswordResetConfirmSerializer,
|
PasswordResetSerializer, PasswordResetConfirmSerializer,
|
||||||
|
@ -62,7 +64,23 @@ class LogoutView(APIView):
|
||||||
"""
|
"""
|
||||||
permission_classes = (AllowAny,)
|
permission_classes = (AllowAny,)
|
||||||
|
|
||||||
|
def get(self, request, *args, **kwargs):
|
||||||
|
try:
|
||||||
|
if allauth_settings.LOGOUT_ON_GET:
|
||||||
|
response = self.logout(request)
|
||||||
|
else:
|
||||||
|
response = self.http_method_not_allowed(request, *args, **kwargs)
|
||||||
|
except Exception as exc:
|
||||||
|
response = self.handle_exception(exc)
|
||||||
|
|
||||||
|
return self.finalize_response(request, response, *args, **kwargs)
|
||||||
|
self.response = self.finalize_response(request, response, *args, **kwargs)
|
||||||
|
return self.response
|
||||||
|
|
||||||
def post(self, request):
|
def post(self, request):
|
||||||
|
return self.logout(request)
|
||||||
|
|
||||||
|
def logout(self, request):
|
||||||
try:
|
try:
|
||||||
request.user.auth_token.delete()
|
request.user.auth_token.delete()
|
||||||
except (AttributeError, ObjectDoesNotExist):
|
except (AttributeError, ObjectDoesNotExist):
|
||||||
|
|
Loading…
Reference in New Issue
Block a user