Tags: django, authentication, django-rest-framework, django-allauth, django-rest-auth

is_authenticated returns True for logged out user


I'm writing a server app using Django, Django REST framework, Django-rest-auth and Django-allauth. I have a method that's used to pass messages between users, and this should only happen when the receiver is logged in.

However, it seems that the user object's is_authenticated() method returns True even though the user has logged out (called rest-auth/logout/, which should in turn call Django's logout). What could cause this? Is there something I've missed here?

Here's the code I have:

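from django.contrib.auth.models import User
from rest_framework import generics, permissions
# MessageSerializer is defined in the asker's own app (import not shown)


class SendMessage(generics.CreateAPIView):
    permission_classes = (permissions.IsAuthenticated,)
    serializer_class = MessageSerializer

    def perform_create(self, serializer):
        m = self.request.data['msg']
        targetUser = User.objects.get(pk=self.request.data['user'])

        # This is the check the question is about
        if targetUser.is_authenticated():
            pass  # Send message
        else:
            pass  # Don't send message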

Solution

  • Unfortunately, the is_authenticated() method always returns true.

    def is_authenticated(self):
        """
        Always return True. This is a way to tell if the user has been
        authenticated in templates.
        """
        return True

    It is meant to discern between a User instance and an AnonymousUser instance, which is what the User is set as when they do not pass authentication.
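
The behaviour described in the answer, as an added example that is not part of the original post: a user loaded by primary key always reports `is_authenticated()` as True, while login state lives in session records that logout deletes. `User`, `AnonymousUser` and `SessionTable` here are simplified plain-Python stand-ins written for this illustration, not Django's real classes, and all sample values are constructed.

```python
# Added illustration: plain-Python stand-ins, NOT Django's real classes.
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class User:
    """Stand-in for a user row loaded from the database."""
    pk: int

    def is_authenticated(self):
        return True  # same body as the method quoted in the answer


class AnonymousUser:
    """Stand-in for what request.user is when authentication fails."""
    def is_authenticated(self):
        return False


class SessionTable:
    """Hypothetical server-side session store: key -> (user pk, expiry)."""
    def __init__(self):
        self.rows = {}

    def login(self, key, user, now, ttl=timedelta(hours=1)):
        self.rows[key] = (user.pk, now + ttl)

    def logout(self, key):
        self.rows.pop(key, None)  # logout removes the session, not the user row

    def request_user(self, key, users, now):
        """What a view would see as request.user for this session key."""
        row = self.rows.get(key)
        if row is None or row[1] <= now:
            return AnonymousUser()
        return users[row[0]]

    def has_live_session(self, user, now):
        """The check the question needed: is this user logged in right now?"""
        return any(pk == user.pk and exp > now for pk, exp in self.rows.values())


def demo():
    now = datetime(2024, 1, 1, 12, 0)   # constructed timestamp
    users = {2: User(pk=2)}             # constructed "database"
    table = SessionTable()
    table.login("k1", users[2], now)
    before = table.has_live_session(users[2], now)
    table.logout("k1")
    fetched = users[2]                  # analogous to User.objects.get(pk=2)
    return (before, fetched.is_authenticated(),
            table.has_live_session(fetched, now),
            table.request_user("k1", users, now).is_authenticated())
```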