mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-22 01:26:53 +03:00
Use POST method instead of GET to perform logout in browsable API (#9208)
* Use POST method instead of GET to perform logout in browsable API * Add a test that checks the presence of the logout form
This commit is contained in:
parent
df89f32b88
commit
2ef77b1833
|
@ -42,7 +42,7 @@
|
||||||
<ul class="nav navbar-nav pull-right">
|
<ul class="nav navbar-nav pull-right">
|
||||||
{% block userlinks %}
|
{% block userlinks %}
|
||||||
{% if user.is_authenticated %}
|
{% if user.is_authenticated %}
|
||||||
{% optional_logout request user %}
|
{% optional_logout request user csrf_token %}
|
||||||
{% else %}
|
{% else %}
|
||||||
{% optional_login request %}
|
{% optional_login request %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -46,7 +46,7 @@
|
||||||
<ul class="nav navbar-nav pull-right">
|
<ul class="nav navbar-nav pull-right">
|
||||||
{% block userlinks %}
|
{% block userlinks %}
|
||||||
{% if user.is_authenticated %}
|
{% if user.is_authenticated %}
|
||||||
{% optional_logout request user %}
|
{% optional_logout request user csrf_token %}
|
||||||
{% else %}
|
{% else %}
|
||||||
{% optional_login request %}
|
{% optional_login request %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -119,7 +119,7 @@ def optional_docs_login(request):
|
||||||
|
|
||||||
|
|
||||||
@register.simple_tag
|
@register.simple_tag
|
||||||
def optional_logout(request, user):
|
def optional_logout(request, user, csrf_token):
|
||||||
"""
|
"""
|
||||||
Include a logout snippet if REST framework's logout view is in the URLconf.
|
Include a logout snippet if REST framework's logout view is in the URLconf.
|
||||||
"""
|
"""
|
||||||
|
@ -135,11 +135,16 @@ def optional_logout(request, user):
|
||||||
<b class="caret"></b>
|
<b class="caret"></b>
|
||||||
</a>
|
</a>
|
||||||
<ul class="dropdown-menu">
|
<ul class="dropdown-menu">
|
||||||
<li><a href='{href}?next={next}'>Log out</a></li>
|
<form id="logoutForm" method="post" action="{href}?next={next}">
|
||||||
|
<input type="hidden" name="csrfmiddlewaretoken" value="{csrf_token}">
|
||||||
|
</form>
|
||||||
|
<li>
|
||||||
|
<a href="#" onclick='document.getElementById("logoutForm").submit()'>Log out</a>
|
||||||
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>"""
|
</li>"""
|
||||||
snippet = format_html(snippet, user=escape(user), href=logout_url, next=escape(request.path))
|
snippet = format_html(snippet, user=escape(user), href=logout_url,
|
||||||
|
next=escape(request.path), csrf_token=csrf_token)
|
||||||
return mark_safe(snippet)
|
return mark_safe(snippet)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -65,6 +65,12 @@ class DropdownWithAuthTests(TestCase):
|
||||||
content = response.content.decode()
|
content = response.content.decode()
|
||||||
assert '>Log in<' in content
|
assert '>Log in<' in content
|
||||||
|
|
||||||
|
def test_dropdown_contains_logout_form(self):
|
||||||
|
self.client.login(username=self.username, password=self.password)
|
||||||
|
response = self.client.get('/')
|
||||||
|
content = response.content.decode()
|
||||||
|
assert '<form id="logoutForm" method="post" action="/auth/logout/?next=/">' in content
|
||||||
|
|
||||||
|
|
||||||
@override_settings(ROOT_URLCONF='tests.browsable_api.no_auth_urls')
|
@override_settings(ROOT_URLCONF='tests.browsable_api.no_auth_urls')
|
||||||
class NoDropdownWithoutAuthTests(TestCase):
|
class NoDropdownWithoutAuthTests(TestCase):
|
||||||
|
|
Loading…
Reference in New Issue
Block a user