Added a request.auth check to logout to avoid false success message w…

…hen no token is passed (#601) * Added a request.auth check to logout In case of no authentication is passed it results a fake successful message in logout. Added a check to request.auth on top of logout * Fixed failing cases
iMerica · Mar 24, 2024 · 6807ea0 · 6807ea0
1 parent 4416ee1
commit 6807ea0
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/dj_rest_auth/views.py b/dj_rest_auth/views.py
@@ -150,6 +150,11 @@ def post(self, request, *args, **kwargs):
         return self.logout(request)
 
     def logout(self, request):
+        if not (request.auth or api_settings.USE_JWT or api_settings.SESSION_LOGIN):
+            return Response(
+                {'detail': _('You should be logged in to logout. Check whether the token is passed.')},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
         try:
             request.user.auth_token.delete()
         except (AttributeError, ObjectDoesNotExist):