Add validation to login, added logout method

api/handlers.py

@@ -47,7 +47,7 @@ class LoginHandler(BaseHandler):
     allowed_methods = ('GET')
 
     def read(self, request):
-        if request.user:
+        if request.user and request.user.is_authenticated():
             return {'auth': 'notrequired', 'cookie': request.session.session_key }
 
         if not 'user' in request.GET or not 'pass' in request.GET:
@@ -56,12 +56,23 @@ class LoginHandler(BaseHandler):
         if not user.is_active:
             return { 'auth': 'disabled' }
 
-        if authenticate(user.name, password):
+        userobj = authenticate(user.name, password)
+        if userobj and user.is_active:
             login(request, user)
             return { 'auth': 'ok', 'id': user.id, 'username': user.username, 'cookie': request.session.session_key }
         else:
             return { 'auth': 'fail' }
 
+class LogoutHandler(BaseHandler):
+    allowed_methods = ('GET')
+
+    def read(self, request):
+        if request.user and not request.user.is_authenticated():
+            return {'auth': 'notrequired', }
+
+        logout(request)
+        return { 'auth': 'logout', }
+
 class AccessHandler(BaseHandler):
     allowed_methods = ('GET')
 

api/urls.py

@@ -10,10 +10,12 @@ ad = { 'authentication': auth }
 
 user_resource = Resource(handler=UserHandler, **ad)
 login_resource = Resource(handler=LoginHandler, **ad)
+logout_resource = Resource(handler=LogoutHandler, **ad)
 access_resource = Resource(handler=AccessHandler, **ad)
 
 urlpatterns = patterns('',
     url(r'^login/$', login_resource),
+    url(r'^logout/$', logout_resource),
     url(r'^access/$', access_resource),
     url(r'^user/$', user_resource),
 #    url(r'^user/(?P<id>\d+)/$', user_resource),