Client.logout() also clears any force_authenticate

tomchristie · tomchristie · commit 78312d44d1e1 · 2014-12-12T13:13:08.000Z
diff --git a/rest_framework/test.py b/rest_framework/test.py
@@ -204,6 +204,11 @@ def options(self, path, data=None, format=None, content_type=None,
 
     def logout(self):
         self._credentials = {}
+
+        # Also clear any `force_authenticate`
+        self.handler._force_user = None
+        self.handler._force_token = None
+
         return super(APIClient, self).logout()
 
 
diff --git a/tests/test_testing.py b/tests/test_testing.py
@@ -109,7 +109,7 @@ def test_explicitly_enforce_csrf_checks(self):
 
     def test_can_logout(self):
         """
-        `logout()` reset stored credentials
+        `logout()` resets stored credentials
         """
         self.client.credentials(HTTP_AUTHORIZATION='example')
         response = self.client.get('/view/')
@@ -118,6 +118,18 @@ def test_can_logout(self):
         response = self.client.get('/view/')
         self.assertEqual(response.data['auth'], b'')
 
+    def test_logout_resets_force_authenticate(self):
+        """
+        `logout()` resets any `force_authenticate`
+        """
+        user = User.objects.create_user('example', 'example@example.com', 'password')
+        self.client.force_authenticate(user)
+        response = self.client.get('/view/')
+        self.assertEqual(response.data['user'], 'example')
+        self.client.logout()
+        response = self.client.get('/view/')
+        self.assertEqual(response.data['user'], b'')
+
     def test_follow_redirect(self):
         """
         Follow redirect by setting follow argument.
