Merge pull request #2259 from tomchristie/testclient-logout-also-cancels-force-authenticate

`Client.logout()` also clears any `force_authenticate`
2025-11-04 18:08:03 +03:00 · 2014-12-12 13:33:06 +00:00 · 2014-12-12 13:33:06 +00:00 · fd473aa905
commit fd473aa905
parent 903fb5ff96 8825b258ca
2 changed files with 20 additions and 5 deletions
--- a/rest_framework/test.py
+++ b/rest_framework/test.py
@ -204,6 +204,11 @@ class APIClient(APIRequestFactory, DjangoClient):

    def logout(self):
        self._credentials = {}
+
+        # Also clear any `force_authenticate`
+        self.handler._force_user = None
+        self.handler._force_token = None
+
        return super(APIClient, self).logout()


--- a/tests/test_testing.py
+++ b/tests/test_testing.py
@ -1,15 +1,13 @@
-# -- coding: utf-8 --
-
+# encoding: utf-8
 from __future__ import unicode_literals
 from django.conf.urls import patterns, url
-from io import BytesIO
-
 from django.contrib.auth.models import User
 from django.shortcuts import redirect
 from django.test import TestCase
 from rest_framework.decorators import api_view
 from rest_framework.response import Response
 from rest_framework.test import APIClient, APIRequestFactory, force_authenticate
+from io import BytesIO


@api_view(['GET', 'POST'])
@ -109,7 +107,7 @@ class TestAPITestClient(TestCase):

    def test_can_logout(self):
        """
-        `logout()` reset stored credentials
+        `logout()` resets stored credentials
        """
        self.client.credentials(HTTP_AUTHORIZATION='example')
        response = self.client.get('/view/')
@ -118,6 +116,18 @@ class TestAPITestClient(TestCase):
        response = self.client.get('/view/')
        self.assertEqual(response.data['auth'], b'')

+    def test_logout_resets_force_authenticate(self):
+        """
+        `logout()` resets any `force_authenticate`
+        """
+        user = User.objects.create_user('example', 'example@example.com', 'password')
+        self.client.force_authenticate(user)
+        response = self.client.get('/view/')
+        self.assertEqual(response.data['user'], 'example')
+        self.client.logout()
+        response = self.client.get('/view/')
+        self.assertEqual(response.data['user'], '')
+
    def test_follow_redirect(self):
        """
        Follow redirect by setting follow argument.