Merge pull request #152 from caruccio/logout-on-get

mariodev · mariodev · commit ef56efc0c8c1 · 2016-02-26T13:38:01.000+01:00
Allow logout on GET
diff --git a/docs/api_endpoints.rst b/docs/api_endpoints.rst
@@ -11,7 +11,9 @@ Basic
     - password (string)
 
 
-- /rest-auth/logout/ (POST)
+- /rest-auth/logout/ (POST, GET)
+
+    .. note:: ``ACCOUNT_LOGOUT_ON_GET = True`` to allow logout using GET (this is the exact same conf from allauth)
 
     - token
 
diff --git a/rest_auth/tests/test_api.py b/rest_auth/tests/test_api.py
@@ -378,3 +378,29 @@ def test_registration_with_email_verification(self):
         # try to login again
         self._login()
         self._logout()
+
+    @override_settings(ACCOUNT_LOGOUT_ON_GET=True)
+    def test_logout_on_get(self):
+        payload = {
+            "username": self.USERNAME,
+            "password": self.PASS
+        }
+
+        # create user
+        user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
+
+        self.post(self.login_url, data=payload, status_code=200)
+        self.get(self.logout_url, status=status.HTTP_200_OK)
+
+    @override_settings(ACCOUNT_LOGOUT_ON_GET=False)
+    def test_logout_on_post_only(self):
+        payload = {
+            "username": self.USERNAME,
+            "password": self.PASS
+        }
+
+        # create user
+        user = get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
+
+        self.post(self.login_url, data=payload, status_code=status.HTTP_200_OK)
+        self.get(self.logout_url, status_code=status.HTTP_405_METHOD_NOT_ALLOWED)
diff --git a/rest_auth/views.py b/rest_auth/views.py
@@ -10,6 +10,8 @@
 from rest_framework.permissions import IsAuthenticated, AllowAny
 from rest_framework.generics import RetrieveUpdateAPIView
 
+from allauth.account import app_settings as allauth_settings
+
 from .app_settings import (
     TokenSerializer, UserDetailsSerializer, LoginSerializer,
     PasswordResetSerializer, PasswordResetConfirmSerializer,
@@ -62,7 +64,23 @@ class LogoutView(APIView):
     """
     permission_classes = (AllowAny,)
 
+    def get(self, request, *args, **kwargs):
+        try:
+            if allauth_settings.LOGOUT_ON_GET:
+                response = self.logout(request)
+            else:
+                response = self.http_method_not_allowed(request, *args, **kwargs)
+        except Exception as exc:
+            response = self.handle_exception(exc)
+
+        return self.finalize_response(request, response, *args, **kwargs)
+        self.response = self.finalize_response(request, response, *args, **kwargs)
+        return self.response
+
     def post(self, request):
+        return self.logout(request)
+
+    def logout(self, request):
         try:
             request.user.auth_token.delete()
         except (AttributeError, ObjectDoesNotExist):
