From 72f89eaf15e10ff8c8bd8a85c438f21c1c7eb11c Mon Sep 17 00:00:00 2001
From: Matthias Mair
Date: Fri, 10 Jan 2025 03:31:37 +0100
Subject: [PATCH] clean up urls even more
---
 src/backend/InvenTree/InvenTree/urls.py | 10 ++++----
 src/backend/InvenTree/users/api.py | 31 -------------------------
 src/backend/InvenTree/users/test_api.py | 9 -------
 3 files changed, 5 insertions(+), 45 deletions(-)
diff --git a/src/backend/InvenTree/InvenTree/urls.py b/src/backend/InvenTree/InvenTree/urls.py
index 5bd6d00992..9c3e37da00 100644
--- a/src/backend/InvenTree/InvenTree/urls.py
+++ b/src/backend/InvenTree/InvenTree/urls.py
@@ -94,7 +94,6 @@ apipatterns = [
 path(
 'auth/',
 include([
- path('logout/', users.api.Logout.as_view(), name='api-logout'),
 path(
 'login-redirect/',
 users.api.LoginRedirect.as_view(),
@@ -105,10 +104,9 @@ apipatterns = [
 include(
 (build_urlpatterns(Client.BROWSER), 'headless'), namespace='browser'
 ),
- ),
+ ), # Allauth headless logic (only the browser client is included as we only use sessions based auth there)
 ]),
 ),
- path('_allauth/', include('allauth.headless.urls')),
 # Magic login URLs
 path(
 'email/generate/',
@@ -122,8 +120,10 @@ apipatterns = [
 backendpatterns = [
- path('auth/', include('rest_framework.urls', namespace='rest_framework')),
- path('auth/', auth_request),
+ path(
+ 'auth/', include('rest_framework.urls', namespace='rest_framework')
+ ), # Used for (DRF) browsable API auth
+ path('auth/', auth_request), # Used for proxies to check if user is authenticated
 path('api/', include(apipatterns)),
 path('api-doc/', SpectacularRedocView.as_view(url_name='schema'), name='api-doc'),
 ]
diff --git a/src/backend/InvenTree/users/api.py b/src/backend/InvenTree/users/api.py
index 96ae6095ae..f55a0c29ac 100644
--- a/src/backend/InvenTree/users/api.py
+++ b/src/backend/InvenTree/users/api.py
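Review bot: The comment added in the `@@ -105,10 +104,9 @@` hunk justifies keeping only the browser client by saying session auth is all that is used, yet the same commit removes the `logout/` route (first hunk) and the `Logout` view in users/api.py, which deleted the caller's `ApiToken`, while `GetAuthToken` remains in that file. Whether another endpoint still revokes an issued token is not visible here; if none does, a token would presumably outlive the user's logout, so confirm a revocation path exists before dropping this one. As a style point, the comment is easier to maintain on its own line above the `path(` entry, e.g. `# allauth headless: browser client only (session-based auth)`, than trailing the closing `),`. The `apipatterns` list begins and ends outside the hunk.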
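Review bot: The trailing comments on the two `'auth/'` entries of `backendpatterns` should be own-line comments above each `path(`; the first one is what pushed the `rest_framework.urls` call onto three lines. Both entries share the `'auth/'` prefix, so the comments should also say which exact paths each serves, e.g. `# auth/login/ and auth/logout/: DRF browsable API session forms` and `# auth/ (exact): auth check for reverse proxies`. Since `rest_framework.urls` exposes a plain username/password login form, it is worth confirming that this entry point is meant to be reachable in production alongside the allauth flow; nothing in the hunk restricts it.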
@@ -9,7 +9,6 @@ from django.views.decorators.csrf import ensure_csrf_cookie
 from django.views.generic.base import RedirectView
 import structlog
-from drf_spectacular.utils import OpenApiResponse, extend_schema, extend_schema_view
 from rest_framework import exceptions, permissions
 from rest_framework.generics import DestroyAPIView
 from rest_framework.permissions import IsAuthenticated
@@ -216,36 +215,6 @@ class GroupList(GroupMixin, ListCreateAPI):
 ordering_fields = ['name']
-@extend_schema_view(
- post=extend_schema(
- responses={200: OpenApiResponse(description='User successfully logged out')}
- )
-)
-class Logout(APIView):
- """API view for logging out via API."""
-
- serializer_class = None
-
- def post(self, request):
- """Logout the current user.
-
- Deletes user token associated with request.
- """
- from InvenTree.middleware import get_token_from_request
-
- if request.user:
- token_key = get_token_from_request(request)
-
- if token_key:
- try:
- token = ApiToken.objects.get(key=token_key, user=request.user)
- token.delete()
- except ApiToken.DoesNotExist: # pragma: no cover
- pass
-
- return super().logout(request)
-
-
 class GetAuthToken(APIView):
 """Return authentication token for an authenticated user."""
diff --git a/src/backend/InvenTree/users/test_api.py b/src/backend/InvenTree/users/test_api.py
index b57b97e965..a19107526f 100644
--- a/src/backend/InvenTree/users/test_api.py
+++ b/src/backend/InvenTree/users/test_api.py
@@ -83,15 +83,6 @@ class UserAPITests(InvenTreeAPITestCase):
 self.assertIn('name', response.data)
 self.assertIn('permissions', response.data)
- # def test_logout(self):
- # """Test api logout endpoint."""
- # token_key = self.get(url=reverse('api-token')).data['token']
- # self.client.logout()
- # self.client.credentials(HTTP_AUTHORIZATION='Token ' + token_key)
-
- # self.post(reverse('api-logout'), expected_code=200)
- # self.get(reverse('api-token'), expected_code=401)
-
 def test_login_redirect(self):
 """Test login redirect endpoint."""
 response = self.get(reverse('api-login-redirect'), expected_code=302)