Revoking tokens causes a 500 error to be returned
👓 What did you see?
Calling the POST /token/revoke/ endpoint causes a 500 error to be returned.
✅ What did you expect to see?
200 error and token revoked, or authentication error if authorization token incorrect.
🔬 How do I recreate this?
With API running from docker compose:
$ curl -X POST http://localhost:8000/token/ -H "content-type: application/x-www-form-urlencoded" -d "grant_type=urn%3Adevops.uis.cam.ac.uk%3Aparams%3Aoauth%3Agrant-type%3Anew-user-credentials&date_of_birth=1976-10-05&last_name=Barnes&code=bRtOrPtc"
{"expires_in":300,"access_token":"2525dfb25cc1f92fe7211014f5dfe058de6e4ae0b73c9a91b7b342bae0fea00d","token_type":"bearer"}
$ curl -X POST http://localhost:8000/token/revoke/ -H "Authorization: Bearer 2525dfb25cc1f92fe7211014f5dfe058de6e4ae0b73c9a91b7b342bae0fea00d"
... Long Django Error HTML ...
📚 Any additional information?
This appears to be due to our not-quite-normal way of hooking together the Account model and the authentication flow. As the Account model doesn't conform to Django's standard User model, the Knox code is attempting to call get_username(), which does not exist for the Account, as part of its cleanup.
Suggested approach is to either implement get_username() to return the CRSId or to sub-class the knox logout and logout-all views to prevent this function being called.
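
Added example, not part of the original report and not the project's or Knox's code: a plain-Python stand-in for the first suggested fix, with a regression check that asserts both the response status and whether the token still authenticates after the revoke call. The class names, the `crsid` field, `logout_cleanup`, `revoke` and the order of cleanup and deletion are assumptions made for the illustration.

```python
# Plain-Python stand-ins; nothing here imports Django or Knox.

class AccountBefore:
    """Account as the report describes it: a CRSid but no get_username()."""

    def __init__(self, crsid):
        self.crsid = crsid  # field name is an assumption


class Account(AccountBefore):
    """First suggested fix: expose the CRSid through get_username()."""

    USERNAME_FIELD = "crsid"

    def get_username(self):
        return getattr(self, self.USERNAME_FIELD)


def logout_cleanup(user):
    """Hypothetical stand-in for library code written against Django's User."""
    return user.get_username()


def revoke(store, bearer, cleanup=logout_cleanup):
    """Simulated POST /token/revoke/: returns (status, token_still_valid)."""
    user = store.get(bearer)
    if user is None:
        return 401, False        # unknown or already revoked token
    try:
        cleanup(user)            # AttributeError for AccountBefore
        del store[bearer]        # ordering is this stand-in's assumption
        status = 200
    except AttributeError:
        status = 500             # what an unhandled exception turns into
    return status, bearer in store


def demo(account_cls):
    """Revoke the same constructed token twice and return both results."""
    store = {"constructed-token": account_cls("abc123")}  # constructed sample
    return revoke(store, "constructed-token"), revoke(store, "constructed-token")
```

A regression test for the real endpoint can follow the same shape: revoke once, then confirm that a second request with the same bearer token is rejected.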