Merge pull request jazzband#296 from c-w/customize-logout-response

Enable customizing login/logout responses
Rotzbua · Oct 17, 2023 · ffd9171 · ffd9171
2 parents cd5dcb6 + 43d983d
commit ffd9171
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 7 deletions.
diff --git a/docs/views.md b/docs/views.md
@@ -67,12 +67,24 @@ It responds to Knox Token Authentication. On a successful request,
 the token used to authenticate is deleted from the
 system and can no longer be used to authenticate.
 
+By default, this endpoint returns a HTTP 204 response on a successful request. To
+customize this behavior, you can override the `get_post_response` method, for example
+to include a body in the logout response and/or to modify the status code:
+
+```python
+...snip...
+    def get_post_response(self, request):
+        return Response({"bye-bye": request.user.username}, status=200)
+...snip...
+```
+
 ## LogoutAllView
 This view accepts only a post request with an empty body. It responds to Knox Token
 Authentication.
-On a successful request, the token used to authenticate, and *all other tokens*
-registered to the same `User` account, are deleted from the
-system and can no longer be used to authenticate.
+On a successful request, a HTTP 204 is returned and the token used to authenticate,
+and *all other tokens* registered to the same `User` account, are deleted from the
+system and can no longer be used to authenticate. The success response can be modified
+like the `LogoutView` by overriding the `get_post_response` method.
 
 **Note** It is not recommended to alter the Logout views. They are designed
 specifically for token management, and to respond to Knox authentication.

diff --git a/knox/views.py b/knox/views.py
@@ -58,6 +58,10 @@ def get_post_response_data(self, request, token, instance):
             ).data
         return data
 
+    def get_post_response(self, request, token, instance):
+        data = self.get_post_response_data(request, token, instance)
+        return Response(data)
+
     def post(self, request, format=None):
         token_limit_per_user = self.get_token_limit_per_user()
         if token_limit_per_user is not None:
@@ -71,19 +75,21 @@ def post(self, request, format=None):
         instance, token = self.create_token()
         user_logged_in.send(sender=request.user.__class__,
                             request=request, user=request.user)
-        data = self.get_post_response_data(request, token, instance)
-        return Response(data)
+        return self.get_post_response(request, token, instance)
 
 
 class LogoutView(APIView):
     authentication_classes = (TokenAuthentication,)
     permission_classes = (IsAuthenticated,)
 
+    def get_post_response(self, request):
+        return Response(None, status=status.HTTP_204_NO_CONTENT)
+
     def post(self, request, format=None):
         request._auth.delete()
         user_logged_out.send(sender=request.user.__class__,
                              request=request, user=request.user)
-        return Response(None, status=status.HTTP_204_NO_CONTENT)
+        return self.get_post_response(request)
 
 
 class LogoutAllView(APIView):
@@ -94,8 +100,11 @@ class LogoutAllView(APIView):
     authentication_classes = (TokenAuthentication,)
     permission_classes = (IsAuthenticated,)
 
+    def get_post_response(self, request):
+        return Response(None, status=status.HTTP_204_NO_CONTENT)
+
     def post(self, request, format=None):
         request.user.auth_token_set.all().delete()
         user_logged_out.send(sender=request.user.__class__,
                              request=request, user=request.user)
-        return Response(None, status=status.HTTP_204_NO_CONTENT)
+        return self.get_post_response(request)