Skip to content

Do a proper logout #2679

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
waxlamp wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Do a proper logout #2679

waxlamp wants to merge 3 commits into from

Conversation

@waxlamp
Copy link
Member

@waxlamp waxlamp commented Dec 17, 2025

No description provided.

waxlamp and others added 3 commits December 15, 2025 15:06
@waxlamp
Present the allauth logout view on clientside logout
dd296b4 
This is the correct way to "log the user out of the API", even if it
involves users having to confirm their logout action. The reason for
that, in turn, has to do with preventing CSRF attacks against a user's
login state.

The `ACCOUNT_LOGOUT_REDIRECT_URL` governs where the user is taken after
logout completes. We can't use the logout view URL's `next` parameter
because the redirect target is on a different domain from the backend.
@waxlamp
WIP - attempt to remove dangerous actions from allauth base template
ca2de5e 
This commit leaves the logout view broken (specifically, without any CSS
styles, among other things). To "fix" it in dev, rename "base.html" to
something else (so that the template engine grabs base.html from the
allauth package instead).
@jjnesbitt
Override correct base template
6ca9422
@jjnesbitt
Copy link
Member

jjnesbitt commented Dec 23, 2025

We discovered the SOCIALACCOUNT_ONLY setting, which may be useful:

https://docs.allauth.org/en/dev/socialaccount/configuration.html#:~:text=without%20SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT.-,SOCIALACCOUNT_ONLY,-(default%3A%20False

jjnesbitt
jjnesbitt reviewed Jan 6, 2026
View reviewed changes
web/src/rest.ts
localStorage.clear();
}

window.location.href = 'http://localhost:8000/accounts/logout/'
Copy link
Member

@jjnesbitt jjnesbitt Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should use the env var for the API

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jjnesbitt jjnesbitt jjnesbitt left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@waxlamp @jjnesbitt