commit 215ab7e04495f829caf3583237fbe6c41ec8b40e
author Scott Baker <smbaker@gmail.com> Wed Jan 27 16:04:30 2016 -0800
committer Scott Baker <smbaker@gmail.com> Wed Jan 27 16:04:30 2016 -0800
tree 6126dc0fffa348c963639c1a9f16d575cb004acb
parent e91de4ec7927ff1d26b784e85c1ee24a1d81fef4

add logout API

xos/core/xoslib/methods/loginview.py

diff --git a/xos/core/xoslib/methods/loginview.py b/xos/core/xoslib/methods/loginview.py
index f485aa0..b212068 100644
--- a/xos/core/xoslib/methods/loginview.py
+++ b/xos/core/xoslib/methods/loginview.py
@@ -15,6 +15,8 @@
 import time
 import django.middleware.csrf
 from xos.exceptions import *
+from django.contrib.sessions.backends.db import SessionStore
+from django.contrib.sessions.models import Session
 
 class LoginView(APIView):
     method_kind = "list"
@@ -55,4 +57,33 @@
 
         return self.do_login(request, username, password)
 
+class LogoutView(APIView):
+    method_kind = "list"
+    method_name = "logout"
+
+    def do_logout(self, request, sessionid):
+        if not sessionid:
+            raise XOSMissingField("No xossessionid specified")
+
+        # Make sure the session exists. This prevents us from accidentally
+        # creating empty sessions with SessionStore()
+        session = Session.objects.filter(session_key=sessionid)
+        if not session:
+            # session doesn't exist
+            raise PermissionDenied("Session does not exist")
+
+        session = SessionStore(session_key=sessionid)
+        if "auth" in session:
+            del session["auth"]
+            session.save()
+
+        return Response("Logged Out")
+
+    def get(self, request, format=None):
+        sessionid = request.GET.get("xossessionid", None)
+        return self.do_logout(request, sessionid)
+
+    def post(self, request, format=None):
+        sessionid = request.DATA.get("xossessionid", None)
+        return self.do_logout(request, sessionid)