diff --git a/rest_framework/test.py b/rest_framework/test.py
index 74d2c868f6..4f4b7c201a 100644
--- a/rest_framework/test.py
+++ b/rest_framework/test.py
@@ -204,6 +204,11 @@ def options(self, path, data=None, format=None, content_type=None,
 def logout(self):
 self._credentials = {}
+
+ # Also clear any `force_authenticate`
+ self.handler._force_user = None
+ self.handler._force_token = None
+
 return super(APIClient, self).logout()
diff --git a/tests/test_testing.py b/tests/test_testing.py
index 9fd5966eb7..87d2b61fa5 100644
--- a/tests/test_testing.py
+++ b/tests/test_testing.py
@@ -1,15 +1,13 @@
-# -- coding: utf-8 --
-
+# encoding: utf-8
 from __future__ import unicode_literals
 from django.conf.urls import patterns, url
-from io import BytesIO
-
 from django.contrib.auth.models import User
 from django.shortcuts import redirect
 from django.test import TestCase
 from rest_framework.decorators import api_view
 from rest_framework.response import Response
 from rest_framework.test import APIClient, APIRequestFactory, force_authenticate
+from io import BytesIO
 @api_view(['GET', 'POST'])
@@ -109,7 +107,7 @@ def test_explicitly_enforce_csrf_checks(self):
 def test_can_logout(self):
 """
- `logout()` reset stored credentials
+ `logout()` resets stored credentials
 """
 self.client.credentials(HTTP_AUTHORIZATION='example')
 response = self.client.get('/view/')
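Review bot: `logout()` in `rest_framework/test.py` has no docstring, so the state it resets is only discoverable by reading the body. The added comment `# Also clear any ...` names the method but not what is cleared; it could read `# Also clear any user/token set by force_authenticate()`. A one-line docstring such as `"""Clear stored credentials and any forced user/token, then call the parent logout()."""` would make the contract explicit for test authors who rely on logout() to drop back to an unauthenticated client before exercising permission checks. The enclosing class starts outside the hunk.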
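Review bot: In the import hunk of `tests/test_testing.py`, `from io import BytesIO` now sits below the `rest_framework` imports, which places a standard-library import after third-party ones. PEP 8 grouping would put it directly after the `from __future__ import unicode_literals` line, separated from the Django imports by a blank line. This is a style point only; behaviour is unchanged.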
@@ -118,6 +116,18 @@ def test_can_logout(self):
 response = self.client.get('/view/')
 self.assertEqual(response.data['auth'], b'')
+ def test_logout_resets_force_authenticate(self):
+ """
+ `logout()` resets any `force_authenticate`
+ """
+ user = User.objects.create_user('example', 'example@example.com', 'password')
+ self.client.force_authenticate(user)
+ response = self.client.get('/view/')
+ self.assertEqual(response.data['user'], 'example')
+ self.client.logout()
+ response = self.client.get('/view/')
+ self.assertEqual(response.data['user'], '')
+
 def test_follow_redirect(self):
 """
 Follow redirect by setting follow argument.
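Review bot: `test_logout_resets_force_authenticate` asserts only the forced user, so the `_force_token` reset that this commit also adds to `logout()` has no coverage. The view body is outside the hunk, and the visible assertions read only `response.data['user']` and `response.data['auth']`, so it is unclear whether a forced token is observable through the response. The simplest pin may be to call `self.client.force_authenticate(user, token='example-token')` (constructed value) and, after `self.client.logout()`, add `self.assertIsNone(self.client.handler._force_token)`. Without it, a regression that leaves a forced token in place after logout would still pass this test. The enclosing test class starts outside the hunk.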