Merge pull request #737 from 18F/logout

Add logout view and menu item
18F · Mar 7, 2018 · 76d3854 · 76d3854
2 parents 737a934 + f2fbc63
commit 76d3854
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 0 deletions.
diff --git a/tock/tock/templates/_navigation.html b/tock/tock/templates/_navigation.html
@@ -24,6 +24,11 @@
           <span>Users</span>
         </a>
       </li>
+      <li>
+        <a href="{% url 'logout' %}" class="usa-nav-link">
+          <span>Log out</span>
+        </a>
+      </li>
       {% if request.user.is_superuser %}
       <li>
         <button class="

diff --git a/tock/tock/templates/logout.html b/tock/tock/templates/logout.html
@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<h2>Logged out</h2>
+<p>You are now logged out of Tock.</p>
+
+{% endblock %}
diff --git a/tock/tock/tests/test_url_auth.py b/tock/tock/tests/test_url_auth.py
@@ -119,6 +119,8 @@ class URLAuthTests(TestCase):
         '/auth/fake/oauth/token',
         # Logging out of admin is always public, so ignore it.
         '/admin/logout/',
+        # And logging out of the site is always public too.
+        '/logout',
     ]
 
     def assertURLIsProtectedByAuth(self, url):

diff --git a/tock/tock/tests/test_views.py b/tock/tock/tests/test_views.py
@@ -0,0 +1,12 @@
+from django.test import TestCase
+from django.contrib.auth.models import User
+
+
+class ViewsTests(TestCase):
+    def test_logout_logs_user_out(self):
+        user = User.objects.create_user(username='foo')
+        self.client.force_login(user)
+
+        response = self.client.get('/logout')
+        self.assertEqual(response.status_code, 200)
+        self.assertFalse(response.context['user'].is_authenticated())
diff --git a/tock/tock/urls.py b/tock/tock/urls.py
@@ -20,6 +20,7 @@ def check_if_staff(user):
 import hours.views
 import api.urls
 import projects.urls
+import tock.views
 
 urlpatterns = [
     url(r'^$',
@@ -50,6 +51,8 @@ def check_if_staff(user):
     url(r'^admin/', include(admin.site.urls)),
 
     url(r'^auth/', include('uaa_client.urls')),
+
+    url(r'^logout$', tock.views.logout, name='logout'),
 ]
 
 

diff --git a/tock/tock/views.py b/tock/tock/views.py
@@ -1,6 +1,7 @@
 import logging
 
 from django.shortcuts import render
+import django.contrib.auth
 
 logger = logging.getLogger(__name__)
 
@@ -14,3 +15,8 @@ def csrf_failure(request, reason=""):
         )
     )
     return render(request, '403.html')
+
+
+def logout(request):
+    django.contrib.auth.logout(request)
+    return render(request, 'logout.html')