Tivix/django-rest-auth
1
1
Fork 0
mirror of https://github.com/Tivix/django-rest-auth.git synced 2024-11-22 09:06:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #152 from caruccio/logout-on-get

Browse Source 
Allow logout on GET
This commit is contained in:
mariodev 2016-02-26 13:38:01 +01:00
commit ef56efc0c8
3 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/api_endpoints.rst
View File

@ -11,7 +11,9 @@ Basic
- password (string) - password (string)
- /rest-auth/logout/ (POST) - /rest-auth/logout/ (POST, GET)
.. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth)
- token - token

26
rest_auth/tests/test_api.py
View File

@ -378,3 +378,29 @@ class APITestCase1(TestCase, BaseAPITestCase):
# try to login again # try to login again
self._login() self._login()
self._logout() self._logout()
@override_settings(ACCOUNT_LOGOUT_ON_GET=True)
def test_logout_on_get(self):
payload = {
"username": self.USERNAME,
"password": self.PASS
}
# create user
user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
self.post(self.login_url, data=payload, status_code=200)
self.get(self.logout_url, status=status.HTTP_200_OK)
@override_settings(ACCOUNT_LOGOUT_ON_GET=False)
def test_logout_on_post_only(self):
payload = {
"username": self.USERNAME,
"password": self.PASS
}
# create user
user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
self.post(self.login_url, data=payload, status_code=status.HTTP_200_OK)
self.get(self.logout_url, status_code=status.HTTP_405_METHOD_NOT_ALLOWED)

18
rest_auth/views.py
View File

@ -10,6 +10,8 @@ from rest_framework.generics import GenericAPIView
from rest_framework.permissions import IsAuthenticated, AllowAny from rest_framework.permissions import IsAuthenticated, AllowAny
from rest_framework.generics import RetrieveUpdateAPIView from rest_framework.generics import RetrieveUpdateAPIView
from allauth.account import app_settings as allauth_settings
from .app_settings import ( from .app_settings import (
TokenSerializer, UserDetailsSerializer, LoginSerializer, TokenSerializer, UserDetailsSerializer, LoginSerializer,
PasswordResetSerializer, PasswordResetConfirmSerializer, PasswordResetSerializer, PasswordResetConfirmSerializer,
@ -62,7 +64,23 @@ class LogoutView(APIView):
""" """
permission_classes = (AllowAny,) permission_classes = (AllowAny,)
def get(self, request, *args, **kwargs):
try:
if allauth_settings.LOGOUT_ON_GET:
response = self.logout(request)
else:
response = self.http_method_not_allowed(request, *args, **kwargs)
except Exception as exc:
response = self.handle_exception(exc)
return self.finalize_response(request, response, *args, **kwargs)
self.response = self.finalize_response(request, response, *args, **kwargs)
return self.response
def post(self, request): def post(self, request):
return self.logout(request)
def logout(self, request):
try: try:
request.user.auth_token.delete() request.user.auth_token.delete()
except (AttributeError, ObjectDoesNotExist): except (AttributeError, ObjectDoesNotExist):