Client.logout() also clears any force_authenticate

78312d44 · Tom Christie · 903fb5ff · 78312d44 · 78312d44
Commit 78312d44 authored Dec 12, 2014 by Tom Christie
Show whitespace changes
Inline Side-by-side

Showing with 18 additions and 1 deletions

rest_framework/test.py
+5 -0

tests/test_testing.py
+13 -1

No files found.
--- a/rest_framework/test.py
+++ b/rest_framework/test.py
@@ -204,6 +204,11 @@ class APIClient(APIRequestFactory, DjangoClient):
    def logout(self):
        self._credentials = {}
+        # Also clear any `force_authenticate`
+        self.handler._force_user = None
+        self.handler._force_token = None
        return super(APIClient, self).logout()

--- a/tests/test_testing.py
+++ b/tests/test_testing.py
@@ -109,7 +109,7 @@ class TestAPITestClient(TestCase):
    def test_can_logout(self):
        """
-        `logout()` reset stored credentials
+        `logout()` resets stored credentials
        """
        self.client.credentials(HTTP_AUTHORIZATION='example')
        response = self.client.get('/view/')
@@ -118,6 +118,18 @@ class TestAPITestClient(TestCase):
        response = self.client.get('/view/')
        self.assertEqual(response.data['auth'], b'')
+    def test_logout_resets_force_authenticate(self):
+        """
+        `logout()` resets any `force_authenticate`
+        """
+        user = User.objects.create_user('example', 'example@example.com', 'password')
+        self.client.force_authenticate(user)
+        response = self.client.get('/view/')
+        self.assertEqual(response.data['user'], 'example')
+        self.client.logout()
+        response = self.client.get('/view/')
+        self.assertEqual(response.data['user'], b'')
    def test_follow_redirect(self):
        """
        Follow redirect by setting follow argument.