iMerica / dj-rest-auth

Authentication for Django Rest Framework
https://dj-rest-auth.readthedocs.io/en/latest/index.html
MIT License

Logout view returns 200 status code when no user is logged in #439

Open edmundsj opened 2 years ago

edmundsj commented 2 years ago

I was expecting to receive a 400 status code when submitting a POST request for log-out if there is no user logged in - because we can't log someone out who wasn't logged in in the first place! However, it looks like I am getting back 200 status codes regardless of whether the user in question was previously logged in or logged out. Seems odd.

smyja commented 2 years ago

Have you resolved this?

rochdikhalid commented 1 year ago

@edmundsj You are right, returning a 200 status code for a logout request if the user is not authenticated is not considered to be the best practice. A 400 status code, or Bad Request, would be more appropriate in this case, as it indicates that the request is malformed or incorrect in some way.

vadimshvetsov commented 5 months ago

That's because there are permission_classes = (AllowAny,) on LogoutView. I'm gonna open a PR for adding isAuthenticated there to follow code intentions.