only logout with POST, fixes #126

[peterbe]

No description provided.

[codecov-io]

Codecov Report

Merging #144 into master will increase coverage by 0.78%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #144      +/-   ##
==========================================
+ Coverage   96.65%   97.43%   +0.78%     
==========================================
  Files           6        6              
  Lines         239      234       -5     
==========================================
- Hits          231      228       -3     
+ Misses          8        6       -2

Impacted Files	Coverage Δ
mozilla_django_oidc/views.py	100% <ø> (ø)	⬆️
mozilla_django_oidc/utils.py	94.11% <0%> (-1.34%)	⬇️
mozilla_django_oidc/middleware.py	95.74% <0%> (ø)	⬆️
mozilla_django_oidc/auth.py	96.59% <0%> (+2.27%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 64a53df...7a6fd57. Read the comment docs.

[johngian]

Please also add a test with a request factory sending a post to the logout view and check that logout is called as expected.

[johngian]

Is there a reason we want to test get when we only implement post? I suggest we remove this test if that doesn't affect coverage.

[peterbe]

You're right. It's simply part of Django. No point testing Django. Will remove.

[johngian]

What about CSRF? Does it work by default?

[peterbe]

Tests test that automatically. As long as the view doesn't have a csrf_exempt decorator it should be using CSRF.

[peterbe]

Please also add a test with a request factory sending a post to the logout view and check that logout is called as expected.

This is already one.

[peterbe]

I believe I've address the CSRF question.