Client.logout() also clears any force_authenticate

2024-11-22 09:36:49 +03:00 · 2014-12-12 13:13:08 +00:00 · 2014-12-12 13:13:08 +00:00 · 78312d44d1
commit 78312d44d1
parent 903fb5ff96
2 changed files with 18 additions and 1 deletions
--- a/rest_framework/test.py
+++ b/rest_framework/test.py
@ -204,6 +204,11 @@ class APIClient(APIRequestFactory, DjangoClient):

    def logout(self):
        self._credentials = {}
+
+        # Also clear any `force_authenticate`
+        self.handler._force_user = None
+        self.handler._force_token = None
+
        return super(APIClient, self).logout()


--- a/tests/test_testing.py
+++ b/tests/test_testing.py
@ -109,7 +109,7 @@ class TestAPITestClient(TestCase):

    def test_can_logout(self):
        """
-        `logout()` reset stored credentials
+        `logout()` resets stored credentials
        """
        self.client.credentials(HTTP_AUTHORIZATION='example')
        response = self.client.get('/view/')
@ -118,6 +118,18 @@ class TestAPITestClient(TestCase):
        response = self.client.get('/view/')
        self.assertEqual(response.data['auth'], b'')

+    def test_logout_resets_force_authenticate(self):
+        """
+        `logout()` resets any `force_authenticate`
+        """
+        user = User.objects.create_user('example', 'example@example.com', 'password')
+        self.client.force_authenticate(user)
+        response = self.client.get('/view/')
+        self.assertEqual(response.data['user'], 'example')
+        self.client.logout()
+        response = self.client.get('/view/')
+        self.assertEqual(response.data['user'], b'')
+
    def test_follow_redirect(self):
        """
        Follow redirect by setting follow argument.