From 761dad2d5bfd5c210b65305a4aab69837bbf92ea Mon Sep 17 00:00:00 2001 From: Clemens Wolff Date: Mon, 16 Jan 2023 12:23:40 +0100 Subject: [PATCH 1/2] Enable customizing login/logout responses --- knox/views.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/knox/views.py b/knox/views.py index 7a6b5719..97cbe42c 100644 --- a/knox/views.py +++ b/knox/views.py @@ -58,6 +58,10 @@ def get_post_response_data(self, request, token, instance): ).data return data + def get_post_response(self, request, token, instance): + data = self.get_post_response_data(request, token, instance) + return Response(data) + def post(self, request, format=None): token_limit_per_user = self.get_token_limit_per_user() if token_limit_per_user is not None: @@ -71,19 +75,21 @@ def post(self, request, format=None): instance, token = self.create_token() user_logged_in.send(sender=request.user.__class__, request=request, user=request.user) - data = self.get_post_response_data(request, token, instance) - return Response(data) + return self.get_post_response(request, token, instance) class LogoutView(APIView): authentication_classes = (TokenAuthentication,) permission_classes = (IsAuthenticated,) + def get_post_response(self, request): + return Response(None, status=status.HTTP_204_NO_CONTENT) + def post(self, request, format=None): request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) - return Response(None, status=status.HTTP_204_NO_CONTENT) + return self.get_post_response(request) class LogoutAllView(APIView): @@ -94,8 +100,11 @@ class LogoutAllView(APIView): authentication_classes = (TokenAuthentication,) permission_classes = (IsAuthenticated,) + def get_post_response(self, request): + return Response(None, status=status.HTTP_204_NO_CONTENT) + def post(self, request, format=None): request.user.auth_token_set.all().delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) - return Response(None, status=status.HTTP_204_NO_CONTENT) + return self.get_post_response(request) From 43d983d49b4fbfb302077f84c61e8e49267b1a24 Mon Sep 17 00:00:00 2001 From: Clemens Wolff Date: Tue, 17 Oct 2023 10:06:40 +0200 Subject: [PATCH 2/2] Add docs for get_post_response --- docs/views.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/docs/views.md b/docs/views.md index 074b16a7..285222da 100644 --- a/docs/views.md +++ b/docs/views.md @@ -67,12 +67,24 @@ It responds to Knox Token Authentication. On a successful request, the token used to authenticate is deleted from the system and can no longer be used to authenticate. +By default, this endpoint returns a HTTP 204 response on a successful request. To +customize this behavior, you can override the `get_post_response` method, for example +to include a body in the logout response and/or to modify the status code: + +```python +...snip... + def get_post_response(self, request): + return Response({"bye-bye": request.user.username}, status=200) +...snip... +``` + ## LogoutAllView This view accepts only a post request with an empty body. It responds to Knox Token Authentication. -On a successful request, the token used to authenticate, and *all other tokens* -registered to the same `User` account, are deleted from the -system and can no longer be used to authenticate. +On a successful request, a HTTP 204 is returned and the token used to authenticate, +and *all other tokens* registered to the same `User` account, are deleted from the +system and can no longer be used to authenticate. The success response can be modified +like the `LogoutView` by overriding the `get_post_response` method. **Note** It is not recommended to alter the Logout views. They are designed specifically for token management, and to respond to Knox authentication.