Open edmundsj opened 2 years ago
Have you resolved this?
I was expecting to receive a 400 status code when submitting a `POST` request for log-out if there is no user logged in - because we can't log someone out who wasn't logged in in the first place! However, it looks like I am getting back 200 status codes regardless of whether the user in question was previously logged in or logged out. Seems odd.
@edmundsj You are right, returning a 200 status code for a logout request if the user is not authenticated is not considered to be the best practice. A 400 status code, or Bad Request, would be more appropriate in this case, as it indicates that the request is malformed or incorrect in some way.
That's because there is `permission_classes = (AllowAny,)` on `LogoutView`. I'm gonna open a PR for adding `isAuthenticated` there to follow code intentions.