How to delete the Token from backend in Django

0
votes

I'm using django rest-auth along with the django rest api. I can logout the user by calling rest-auth/logout in the browsable api and it will delete the token from the Database. In the browsable api, I don't have to send the Token along with the logout url. I called the same url rest-auth/logout from a React js front end and it gives the response as 'successfully logged out' but Token remains in the database. How can I remove the Token by calling the url from the front end.

2
pythonreactjsdjangodjango-rest-auth

2 Answers

1
votes

You must send a DELETE request and use this code:

class LogoutView(APIView):
""" Logout User """

@staticmethod
def delete(request, *args, **kwargs):
    request.user.auth_token.delete()
    data = {
        "message": "You have successfully logged out.",
    }
    return Response(data, status=status.HTTP_200_OK)
1
votes

Hi i would use a differente approach.

  1. Each login, delete and create a new token
  2. Each logout call logout method
from django.contrib import auth

class LoginView(APIView):
""" Login User """

    @staticmethod
    def post(request, *args, **kwargs):
        # get username and password
        user = auth.authenticate(username=username, password=password)
        if user is not None:
            Token.objects.filter(user=user).delete()
            token = Token.objects.create(user=user)
            auth.login(request, user)
            # redirect to whatever with token key
        # error return here
 
class LogoutView(APIView):
""" Logout User """

    @staticmethod
    def delete(request, *args, **kwargs):
        auth.logout(request)
        data = {
            "message": "You have successfully logged out.",
        }
        return Response(data, status=status.HTTP_200_OK)