summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2023-01-13 06:03:29 +0100
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2023-01-17 11:49:15 +0100
commit9a01311d204ebf23e615a0802cedcc7b6b373826 (patch)
tree4d3b8aae9479f034b02fbdc15a89080ab2589c7d
parentba082e09524c9fba9fa8ba472c896ef645b09dd6 (diff)
Refs #15619 -- Removed support for logging out via GET requests.
Per deprecation timeline.
-rw-r--r--django/contrib/auth/views.py19
-rw-r--r--docs/releases/5.0.txt4
-rw-r--r--docs/topics/auth/default.txt5
-rw-r--r--tests/auth_tests/test_views.py20
4 files changed, 8 insertions, 40 deletions
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 2d19d6f884..0d16104655 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -1,4 +1,3 @@
-import warnings
from urllib.parse import urlparse, urlunparse
from django.conf import settings
@@ -22,7 +21,6 @@ from django.http import HttpResponseRedirect, QueryDict
from django.shortcuts import resolve_url
from django.urls import reverse_lazy
from django.utils.decorators import method_decorator
-from django.utils.deprecation import RemovedInDjango50Warning
from django.utils.http import url_has_allowed_host_and_scheme, urlsafe_base64_decode
from django.utils.translation import gettext_lazy as _
from django.views.decorators.cache import never_cache
@@ -128,25 +126,15 @@ class LogoutView(RedirectURLMixin, TemplateView):
Log out the user and display the 'You are logged out' message.
"""
- # RemovedInDjango50Warning: when the deprecation ends, remove "get" and
- # "head" from http_method_names.
- http_method_names = ["get", "head", "post", "options"]
+ http_method_names = ["post", "options"]
template_name = "registration/logged_out.html"
extra_context = None
- # RemovedInDjango50Warning: when the deprecation ends, move
- # @method_decorator(csrf_protect) from post() to dispatch().
+ @method_decorator(csrf_protect)
@method_decorator(never_cache)
def dispatch(self, request, *args, **kwargs):
- if request.method.lower() == "get":
- warnings.warn(
- "Log out via GET requests is deprecated and will be removed in Django "
- "5.0. Use POST requests for logging out.",
- RemovedInDjango50Warning,
- )
return super().dispatch(request, *args, **kwargs)
- @method_decorator(csrf_protect)
def post(self, request, *args, **kwargs):
"""Logout may be done via POST."""
auth_logout(request)
@@ -156,9 +144,6 @@ class LogoutView(RedirectURLMixin, TemplateView):
return HttpResponseRedirect(redirect_to)
return super().get(request, *args, **kwargs)
- # RemovedInDjango50Warning.
- get = post
-
def get_default_redirect_url(self):
"""Return the default redirect URL."""
if self.next_page:
diff --git a/docs/releases/5.0.txt b/docs/releases/5.0.txt
index ed82f62640..9c7a10c294 100644
--- a/docs/releases/5.0.txt
+++ b/docs/releases/5.0.txt
@@ -327,3 +327,7 @@ to remove usage of these features.
* ``created=True`` is required in the signature of
``RemoteUserBackend.configure_user()`` subclasses.
+
+* Support for logging out via ``GET`` requests in the
+ ``django.contrib.auth.views.LogoutView`` and
+ ``django.contrib.auth.views.logout_then_login()`` is removed.
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt
index 038f2b8eaf..c3fb17788a 100644
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -1158,11 +1158,6 @@ implementation details see :ref:`using-the-views`.
Logs a user out on ``POST`` requests.
- .. deprecated:: 4.1
-
- Support for logging out on ``GET`` requests is deprecated and will be
- removed in Django 5.0.
-
**URL name:** ``logout``
**Attributes:**
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 87022fd290..d15a166c98 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -30,10 +30,9 @@ from django.core.exceptions import ImproperlyConfigured
from django.db import connection
from django.http import HttpRequest, HttpResponse
from django.middleware.csrf import CsrfViewMiddleware, get_token
-from django.test import Client, TestCase, ignore_warnings, override_settings
+from django.test import Client, TestCase, override_settings
from django.test.client import RedirectCycleError
from django.urls import NoReverseMatch, reverse, reverse_lazy
-from django.utils.deprecation import RemovedInDjango50Warning
from django.utils.http import urlsafe_base64_encode
from .client import PasswordResetConfirmClient
@@ -1020,7 +1019,6 @@ class LogoutThenLoginTests(AuthViewsTestCase):
self.confirm_logged_out()
self.assertRedirects(response, "/custom/", fetch_redirect_response=False)
- @ignore_warnings(category=RemovedInDjango50Warning)
@override_settings(LOGIN_URL="/login/")
def test_default_logout_then_login_get(self):
self.login()
@@ -1030,10 +1028,7 @@ class LogoutThenLoginTests(AuthViewsTestCase):
req.META["SERVER_PORT"] = 80
req.session = self.client.session
response = logout_then_login(req)
- # RemovedInDjango50Warning: When the deprecation ends, replace with
- # self.assertEqual(response.status_code, 405)
- self.confirm_logged_out()
- self.assertRedirects(response, "/login/", fetch_redirect_response=False)
+ self.assertEqual(response.status_code, 405)
class LoginRedirectAuthenticatedUser(AuthViewsTestCase):
@@ -1187,17 +1182,6 @@ class LogoutTest(AuthViewsTestCase):
self.assertContains(response, "Logged out")
self.confirm_logged_out()
- def test_logout_with_get_raises_deprecation_warning(self):
- self.login()
- msg = (
- "Log out via GET requests is deprecated and will be removed in Django 5.0. "
- "Use POST requests for logging out."
- )
- with self.assertWarnsMessage(RemovedInDjango50Warning, msg):
- response = self.client.get("/logout/")
- self.assertContains(response, "Logged out")
- self.confirm_logged_out()
-
def test_14377(self):
# Bug 14377
self.login()