Simplified LogoutView.get_success_url().

This preserves the behavior of redirecting to the logout URL without query string parameters when an insecure ?next=... parameter is given. It changes the behavior of a POST to the logout URL, as shown by the test that is changed. Currently, this results in a GET to the logout URL. However, such GET requests are deprecated. This change would be necessary in Django 5.0 anyway. This commit merely anticipates it.
2025-10-31 09:41:08 +00:00 · 2022-04-16 20:21:29 +02:00
parent 5fcd9b8c33
commit 04bc2564b6
2 changed files with 13 additions and 18 deletions
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -984,6 +984,8 @@ class LogoutThenLoginTests(AuthViewsTestCase):
        csrf_token = get_token(req)
        req.COOKIES[settings.CSRF_COOKIE_NAME] = csrf_token
        req.POST = {"csrfmiddlewaretoken": csrf_token}
+        req.META["SERVER_NAME"] = "testserver"
+        req.META["SERVER_PORT"] = 80
        req.session = self.client.session
        response = logout_then_login(req)
        self.confirm_logged_out()
@@ -996,6 +998,8 @@ class LogoutThenLoginTests(AuthViewsTestCase):
        csrf_token = get_token(req)
        req.COOKIES[settings.CSRF_COOKIE_NAME] = csrf_token
        req.POST = {"csrfmiddlewaretoken": csrf_token}
+        req.META["SERVER_NAME"] = "testserver"
+        req.META["SERVER_PORT"] = 80
        req.session = self.client.session
        response = logout_then_login(req, login_url="/custom/")
        self.confirm_logged_out()
@@ -1007,6 +1011,8 @@ class LogoutThenLoginTests(AuthViewsTestCase):
        self.login()
        req = HttpRequest()
        req.method = "GET"
+        req.META["SERVER_NAME"] = "testserver"
+        req.META["SERVER_PORT"] = 80
        req.session = self.client.session
        response = logout_then_login(req)
        # RemovedInDjango50Warning: When the deprecation ends, replace with
@@ -1345,7 +1351,8 @@ class LogoutTest(AuthViewsTestCase):
    def test_logout_redirect_url_named_setting(self):
        self.login()
        response = self.client.post("/logout/")
-        self.assertRedirects(response, "/logout/", fetch_redirect_response=False)
+        self.assertContains(response, "Logged out")
+        self.confirm_logged_out()


 def get_perm(Model, perm):