Skip to content

Commit

Permalink
Merge pull request #296 from c-w/customize-logout-response
Browse files Browse the repository at this point in the history
Enable customizing login/logout responses
  • Loading branch information
giovannicimolin authored Oct 17, 2023
2 parents cd5dcb6 + 43d983d commit ffd9171
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 7 deletions.
18 changes: 15 additions & 3 deletions docs/views.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,12 +67,24 @@ It responds to Knox Token Authentication. On a successful request,
the token used to authenticate is deleted from the
system and can no longer be used to authenticate.

By default, this endpoint returns a HTTP 204 response on a successful request. To
customize this behavior, you can override the `get_post_response` method, for example
to include a body in the logout response and/or to modify the status code:

```python
...snip...
def get_post_response(self, request):
return Response({"bye-bye": request.user.username}, status=200)
...snip...
```

## LogoutAllView
This view accepts only a post request with an empty body. It responds to Knox Token
Authentication.
On a successful request, the token used to authenticate, and *all other tokens*
registered to the same `User` account, are deleted from the
system and can no longer be used to authenticate.
On a successful request, a HTTP 204 is returned and the token used to authenticate,
and *all other tokens* registered to the same `User` account, are deleted from the
system and can no longer be used to authenticate. The success response can be modified
like the `LogoutView` by overriding the `get_post_response` method.

**Note** It is not recommended to alter the Logout views. They are designed
specifically for token management, and to respond to Knox authentication.
Expand Down
17 changes: 13 additions & 4 deletions knox/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,10 @@ def get_post_response_data(self, request, token, instance):
).data
return data

def get_post_response(self, request, token, instance):
data = self.get_post_response_data(request, token, instance)
return Response(data)

def post(self, request, format=None):
token_limit_per_user = self.get_token_limit_per_user()
if token_limit_per_user is not None:
Expand All @@ -71,19 +75,21 @@ def post(self, request, format=None):
instance, token = self.create_token()
user_logged_in.send(sender=request.user.__class__,
request=request, user=request.user)
data = self.get_post_response_data(request, token, instance)
return Response(data)
return self.get_post_response(request, token, instance)


class LogoutView(APIView):
authentication_classes = (TokenAuthentication,)
permission_classes = (IsAuthenticated,)

def get_post_response(self, request):
return Response(None, status=status.HTTP_204_NO_CONTENT)

def post(self, request, format=None):
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request, user=request.user)
return Response(None, status=status.HTTP_204_NO_CONTENT)
return self.get_post_response(request)


class LogoutAllView(APIView):
Expand All @@ -94,8 +100,11 @@ class LogoutAllView(APIView):
authentication_classes = (TokenAuthentication,)
permission_classes = (IsAuthenticated,)

def get_post_response(self, request):
return Response(None, status=status.HTTP_204_NO_CONTENT)

def post(self, request, format=None):
request.user.auth_token_set.all().delete()
user_logged_out.send(sender=request.user.__class__,
request=request, user=request.user)
return Response(None, status=status.HTTP_204_NO_CONTENT)
return self.get_post_response(request)

0 comments on commit ffd9171

Please sign in to comment.