Skip to content

Commit fd473aa

Browse files
tomchristietomchristie
committed
Merge pull request #2259 from tomchristie/testclient-logout-also-cancels-force-authenticate
`Client.logout()` also clears any `force_authenticate`
2 parents 903fb5f + 8825b25 commit fd473aa

File tree

2 files changed

+20
-5
lines changed

2 files changed

+20
-5
lines changed

rest_framework/test.py

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -204,6 +204,11 @@ def options(self, path, data=None, format=None, content_type=None,
204204

205205
def logout(self):
206206
self._credentials = {}
207+
208+
# Also clear any `force_authenticate`
209+
self.handler._force_user = None
210+
self.handler._force_token = None
211+
207212
return super(APIClient, self).logout()
208213

209214

tests/test_testing.py

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,13 @@
1-
# -- coding: utf-8 --
2-
1+
# encoding: utf-8
32
from __future__ import unicode_literals
43
from django.conf.urls import patterns, url
5-
from io import BytesIO
6-
74
from django.contrib.auth.models import User
85
from django.shortcuts import redirect
96
from django.test import TestCase
107
from rest_framework.decorators import api_view
118
from rest_framework.response import Response
129
from rest_framework.test import APIClient, APIRequestFactory, force_authenticate
10+
from io import BytesIO
1311

1412

1513
@api_view(['GET', 'POST'])
@@ -109,7 +107,7 @@ def test_explicitly_enforce_csrf_checks(self):
109107

110108
def test_can_logout(self):
111109
"""
112-
`logout()` reset stored credentials
110+
`logout()` resets stored credentials
113111
"""
114112
self.client.credentials(HTTP_AUTHORIZATION='example')
115113
response = self.client.get('/view/')
@@ -118,6 +116,18 @@ def test_can_logout(self):
118116
response = self.client.get('/view/')
119117
self.assertEqual(response.data['auth'], b'')
120118

119+
def test_logout_resets_force_authenticate(self):
120+
"""
121+
`logout()` resets any `force_authenticate`
122+
"""
123+
user = User.objects.create_user('example', 'example@example.com', 'password')
124+
self.client.force_authenticate(user)
125+
response = self.client.get('/view/')
126+
self.assertEqual(response.data['user'], 'example')
127+
self.client.logout()
128+
response = self.client.get('/view/')
129+
self.assertEqual(response.data['user'], '')
130+
121131
def test_follow_redirect(self):
122132
"""
123133
Follow redirect by setting follow argument.

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy