Logout view change permission_classes
Shouldn't the LogoutView have permission_classes set to

```python
permission_classes = (IsAuthenticated,)
```

instead of

```python
permission_classes = (AllowAny,)
```

regardless of the GET/POST method?

In addition, in the logout function:

```python
from django.core.exceptions import ObjectDoesNotExist


def logout(self, request):
    try:
        request.user.auth_token.delete()
    except (AttributeError, ObjectDoesNotExist):
        pass
```

should be changed to

```python
from django.core.exceptions import ObjectDoesNotExist
from rest_framework.exceptions import NotAuthenticated


def logout(self, request):
    try:
        request.user.auth_token.delete()
    except (AttributeError, ObjectDoesNotExist):
        # handle NotAuthenticated
        raise NotAuthenticated()
```
Issue Analytics
- Created 6 years ago
- Comments: 11 (6 by maintainers)
Top GitHub Comments
It is a bit confusing from the developer's perspective: as you test at first, it's not so clear as a response to say "detail": "Successfully logged out." when actually nothing happened. I think it is an easy fix.
Hey @Akay7 @maxim-kht,
I was looking at it from the perspective of "the correct response for every API call", but since the view doesn't return any sensitive data, a valid argument is that it doesn't have to be guarded.