mirror of https://github.com/snachodog/mybuddy.git
Support POST only for logout
This commit is contained in:
parent
32bfede6e2
commit
97fa8d7000
|
@ -269,7 +269,12 @@
|
|||
<h6 class="dropdown-header">{% trans "User" %}</h6>
|
||||
<a href="{% url 'babybuddy:user-settings' %}" class="dropdown-item">{% trans "Settings" %}</a>
|
||||
<a href="{% url 'babybuddy:user-password' %}" class="dropdown-item">{% trans "Password" %}</a>
|
||||
<a href="{% url 'babybuddy:logout' %}" class="dropdown-item">{% trans "Logout" %}</a>
|
||||
<form action="{% url 'babybuddy:logout' %}" role="form" method="post">
|
||||
{% csrf_token %}
|
||||
<button class="dropdown-item">
|
||||
{% trans "Logout" %}
|
||||
</button>
|
||||
</form>
|
||||
<h6 class="dropdown-header">{% trans "Site" %}</h6>
|
||||
<a href="{% url 'api:api-root' %}" class="dropdown-item">{% trans "API Browser" %}</a>
|
||||
{% if request.user.is_staff %}
|
||||
|
|
|
@ -70,3 +70,7 @@ class ViewsTestCase(TestCase):
|
|||
def test_welcome(self):
|
||||
page = self.c.get('/welcome/')
|
||||
self.assertEqual(page.status_code, 200)
|
||||
|
||||
def test_logout_get_fails(self):
|
||||
page = self.c.get('/logout/')
|
||||
self.assertEqual(page.status_code, 405)
|
||||
|
|
|
@ -9,7 +9,7 @@ from . import views
|
|||
|
||||
app_patterns = [
|
||||
path('login/', auth_views.LoginView.as_view(), name='login'),
|
||||
path('logout/', auth_views.LogoutView.as_view(), name='logout'),
|
||||
path('logout/', views.LogoutView.as_view(), name='logout'),
|
||||
path(
|
||||
'password_reset/',
|
||||
auth_views.PasswordResetView.as_view(),
|
||||
|
|
|
@ -3,12 +3,17 @@ from django.contrib import messages
|
|||
from django.contrib.auth import update_session_auth_hash
|
||||
from django.contrib.auth.forms import PasswordChangeForm
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.views import LogoutView as LogoutViewBase
|
||||
from django.contrib.messages.views import SuccessMessageMixin
|
||||
from django.shortcuts import redirect, render
|
||||
from django.urls import reverse, reverse_lazy
|
||||
from django.utils import translation
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.utils.text import format_lazy
|
||||
from django.utils.translation import gettext as _, gettext_lazy
|
||||
from django.views.decorators.cache import never_cache
|
||||
from django.views.decorators.csrf import csrf_protect
|
||||
from django.views.decorators.http import require_POST
|
||||
from django.views.generic import View
|
||||
from django.views.generic.base import TemplateView, RedirectView
|
||||
from django.views.generic.edit import CreateView, UpdateView, DeleteView
|
||||
|
@ -48,6 +53,13 @@ class BabyBuddyFilterView(FilterView):
|
|||
return context
|
||||
|
||||
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(never_cache, name='dispatch')
|
||||
@method_decorator(require_POST, name='dispatch')
|
||||
class LogoutView(LogoutViewBase):
|
||||
pass
|
||||
|
||||
|
||||
class UserList(StaffOnlyMixin, BabyBuddyFilterView):
|
||||
model = User
|
||||
template_name = 'babybuddy/user_list.html'
|
||||
|
|
Loading…
Reference in New Issue