Skip to content

Commit fd473aa

Browse files
tomchristietomchristie
committed
Merge pull request #2259 from tomchristie/testclient-logout-also-cancels-force-authenticate
`Client.logout()` also clears any `force_authenticate`
2 parents 903fb5f + 8825b25 commit fd473aa

File tree

2 files changed

+20
-5
lines changed

2 files changed

+20
-5
lines changed

rest_framework/test.py

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -204,6 +204,11 @@ def options(self, path, data=None, format=None, content_type=None,
204204

205205
def logout(self):
206206
self._credentials = {}
207+
208+
# Also clear any `force_authenticate`
209+
self.handler._force_user = None
210+
self.handler._force_token = None
211+
207212
return super(APIClient, self).logout()
208213

209214

tests/test_testing.py

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,13 @@
1-
# -- coding: utf-8 --
2-
1+
# encoding: utf-8
32
from __future__ import unicode_literals
43
from django.conf.urls import patterns, url
5-
from io import BytesIO
6-
74
from django.contrib.auth.models import User
85
from django.shortcuts import redirect
96
from django.test import TestCase
107
from rest_framework.decorators import api_view
118
from rest_framework.response import Response
129
from rest_framework.test import APIClient, APIRequestFactory, force_authenticate
10+
from io import BytesIO
1311

1412

1513
@api_view(['GET', 'POST'])
@@ -109,7 +107,7 @@ def test_explicitly_enforce_csrf_checks(self):
109107

110108
def test_can_logout(self):
111109
"""
112-
`logout()` reset stored credentials
110+
`logout()` resets stored credentials
113111
"""
114112
self.client.credentials(HTTP_AUTHORIZATION='example')
115113
response = self.client.get('/view/')
@@ -118,6 +116,18 @@ def test_can_logout(self):
118116
response = self.client.get('/view/')
119117
self.assertEqual(response.data['auth'], b'')
120118

119+
def test_logout_resets_force_authenticate(self):
120+
"""
121+
`logout()` resets any `force_authenticate`
122+
"""
123+
user = User.objects.create_user('example', '[email protected]', 'password')
124+
self.client.force_authenticate(user)
125+
response = self.client.get('/view/')
126+
self.assertEqual(response.data['user'], 'example')
127+
self.client.logout()
128+
response = self.client.get('/view/')
129+
self.assertEqual(response.data['user'], '')
130+
121131
def test_follow_redirect(self):
122132
"""
123133
Follow redirect by setting follow argument.

0 commit comments

Comments
 (0)