mirror of
https://github.com/django/django.git
synced 2024-12-23 01:25:58 +00:00
Refs #15619 -- Removed support for logging out via GET requests.
Per deprecation timeline.
This commit is contained in:
parent
2e1aec2ba6
commit
6c57c08ae5
@ -1,4 +1,3 @@
|
||||
import warnings
|
||||
from urllib.parse import urlparse, urlunparse
|
||||
|
||||
from django.conf import settings
|
||||
@ -22,7 +21,6 @@ from django.http import HttpResponseRedirect, QueryDict
|
||||
from django.shortcuts import resolve_url
|
||||
from django.urls import reverse_lazy
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.utils.deprecation import RemovedInDjango50Warning
|
||||
from django.utils.http import url_has_allowed_host_and_scheme, urlsafe_base64_decode
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.views.decorators.cache import never_cache
|
||||
@ -128,25 +126,15 @@ class LogoutView(RedirectURLMixin, TemplateView):
|
||||
Log out the user and display the 'You are logged out' message.
|
||||
"""
|
||||
|
||||
# RemovedInDjango50Warning: when the deprecation ends, remove "get" and
|
||||
# "head" from http_method_names.
|
||||
http_method_names = ["get", "head", "post", "options"]
|
||||
http_method_names = ["post", "options"]
|
||||
template_name = "registration/logged_out.html"
|
||||
extra_context = None
|
||||
|
||||
# RemovedInDjango50Warning: when the deprecation ends, move
|
||||
# @method_decorator(csrf_protect) from post() to dispatch().
|
||||
@method_decorator(csrf_protect)
|
||||
@method_decorator(never_cache)
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if request.method.lower() == "get":
|
||||
warnings.warn(
|
||||
"Log out via GET requests is deprecated and will be removed in Django "
|
||||
"5.0. Use POST requests for logging out.",
|
||||
RemovedInDjango50Warning,
|
||||
)
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
@method_decorator(csrf_protect)
|
||||
def post(self, request, *args, **kwargs):
|
||||
"""Logout may be done via POST."""
|
||||
auth_logout(request)
|
||||
@ -156,9 +144,6 @@ class LogoutView(RedirectURLMixin, TemplateView):
|
||||
return HttpResponseRedirect(redirect_to)
|
||||
return super().get(request, *args, **kwargs)
|
||||
|
||||
# RemovedInDjango50Warning.
|
||||
get = post
|
||||
|
||||
def get_default_redirect_url(self):
|
||||
"""Return the default redirect URL."""
|
||||
if self.next_page:
|
||||
|
@ -327,3 +327,7 @@ to remove usage of these features.
|
||||
|
||||
* ``created=True`` is required in the signature of
|
||||
``RemoteUserBackend.configure_user()`` subclasses.
|
||||
|
||||
* Support for logging out via ``GET`` requests in the
|
||||
``django.contrib.auth.views.LogoutView`` and
|
||||
``django.contrib.auth.views.logout_then_login()`` is removed.
|
||||
|
@ -1158,11 +1158,6 @@ implementation details see :ref:`using-the-views`.
|
||||
|
||||
Logs a user out on ``POST`` requests.
|
||||
|
||||
.. deprecated:: 4.1
|
||||
|
||||
Support for logging out on ``GET`` requests is deprecated and will be
|
||||
removed in Django 5.0.
|
||||
|
||||
**URL name:** ``logout``
|
||||
|
||||
**Attributes:**
|
||||
|
@ -30,10 +30,9 @@ from django.core.exceptions import ImproperlyConfigured
|
||||
from django.db import connection
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.middleware.csrf import CsrfViewMiddleware, get_token
|
||||
from django.test import Client, TestCase, ignore_warnings, override_settings
|
||||
from django.test import Client, TestCase, override_settings
|
||||
from django.test.client import RedirectCycleError
|
||||
from django.urls import NoReverseMatch, reverse, reverse_lazy
|
||||
from django.utils.deprecation import RemovedInDjango50Warning
|
||||
from django.utils.http import urlsafe_base64_encode
|
||||
|
||||
from .client import PasswordResetConfirmClient
|
||||
@ -1020,7 +1019,6 @@ class LogoutThenLoginTests(AuthViewsTestCase):
|
||||
self.confirm_logged_out()
|
||||
self.assertRedirects(response, "/custom/", fetch_redirect_response=False)
|
||||
|
||||
@ignore_warnings(category=RemovedInDjango50Warning)
|
||||
@override_settings(LOGIN_URL="/login/")
|
||||
def test_default_logout_then_login_get(self):
|
||||
self.login()
|
||||
@ -1030,10 +1028,7 @@ class LogoutThenLoginTests(AuthViewsTestCase):
|
||||
req.META["SERVER_PORT"] = 80
|
||||
req.session = self.client.session
|
||||
response = logout_then_login(req)
|
||||
# RemovedInDjango50Warning: When the deprecation ends, replace with
|
||||
# self.assertEqual(response.status_code, 405)
|
||||
self.confirm_logged_out()
|
||||
self.assertRedirects(response, "/login/", fetch_redirect_response=False)
|
||||
self.assertEqual(response.status_code, 405)
|
||||
|
||||
|
||||
class LoginRedirectAuthenticatedUser(AuthViewsTestCase):
|
||||
@ -1187,17 +1182,6 @@ class LogoutTest(AuthViewsTestCase):
|
||||
self.assertContains(response, "Logged out")
|
||||
self.confirm_logged_out()
|
||||
|
||||
def test_logout_with_get_raises_deprecation_warning(self):
|
||||
self.login()
|
||||
msg = (
|
||||
"Log out via GET requests is deprecated and will be removed in Django 5.0. "
|
||||
"Use POST requests for logging out."
|
||||
)
|
||||
with self.assertWarnsMessage(RemovedInDjango50Warning, msg):
|
||||
response = self.client.get("/logout/")
|
||||
self.assertContains(response, "Logged out")
|
||||
self.confirm_logged_out()
|
||||
|
||||
def test_14377(self):
|
||||
# Bug 14377
|
||||
self.login()
|
||||
|
Loading…
Reference in New Issue
Block a user