django-rest-framework/rest_framework/authtoken/serializers.py

from django.contrib.auth import authenticate
from django.utils.translation import ugettext_lazy as _

from rest_framework import serializers


class AuthTokenSerializer(serializers.Serializer):
    username = serializers.CharField(label=_("Username"))
    password = serializers.CharField(
        label=_("Password"),
        style={'input_type': 'password'},
        trim_whitespace=False
    )

    def validate(self, attrs):
        username = attrs.get('username')
        password = attrs.get('password')

        if username and password:
            user = authenticate(request=self.context.get('request'),
                                username=username, password=password)

            # The authenticate call simply returns None for is_active=False
            # users. (Assuming the default ModelBackend authentication
            # backend.)
            if not user:
                msg = _('Unable to log in with provided credentials.')
                raise serializers.ValidationError(msg, code='authorization')
        else:
            msg = _('Must include "username" and "password".')
            raise serializers.ValidationError(msg, code='authorization')

        attrs['user'] = user
        return attrs
Drop Django 1.10 support (#5657) * Remove Django 1.10 from CI * Remove Django 1.10 compat code 2018-07-06 13:14:31 +03:00			`from django.contrib.auth import authenticate`
Mark strings in AuthTokenSerializer as translatable 2014-05-01 13:18:16 +04:00			`from django.utils.translation import ugettext_lazy as _`

Use serializers.ValidationError Per django rest framework docs, and to prevent confusion with Django's ValidationError, `serializers.ValidationError` is preferred to `exceptions.ValidationError`. 2015-10-01 05:09:37 +03:00			`from rest_framework import serializers`
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00
Reverted #458 When incorrect parameters are supplied to the obtain auth token view 400 is the correct response. 2012-12-08 02:25:16 +04:00
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00			`class AuthTokenSerializer(serializers.Serializer):`
enhancement #3886 Internationalization in admin interface rest_framework.authtoken + verbose_name in models.Token fields + Meta-options verbose_name & verbose_name_plural + Labels in AuthTokenSerializer fields in case of usages in Brousable API + provide AppConfig class as described in django documentation with verbose_name came through ugettext_lazy 2016-02-01 11:20:16 +03:00			`username = serializers.CharField(label=_("Username"))`
Lint 2017-05-17 22:17:55 +03:00			`password = serializers.CharField(`
			`label=_("Password"),`
			`style={'input_type': 'password'},`
			`trim_whitespace=False`
			`)`
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00
			`def validate(self, attrs):`
			`username = attrs.get('username')`
			`password = attrs.get('password')`

			`if username and password:`
Call Django's authenticate function with the request object (#5295) As of Django 1.11 the `authenticate` function accepts a request as an additional argument. This commit fixes compatibility between newer Django versions and custom authentication backends which already depend on the request object. See also: [Django 1.11 release](https://docs.djangoproject.com/en/1.11/releases/1.11/) ``` authenticate() now passes a request argument to the authenticate() method of authentication backends. Support for methods that don’t accept request as the first positional argument will be removed in Django 2.1. ``` 2017-10-05 12:43:49 +03:00			`user = authenticate(request=self.context.get('request'),`
			`username=username, password=password)`
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00
Remove references to unsupported Django versions in docs and code (#5602) Per the trove classifiers, DRF only supports Django versions 1.10+. Can drop documentation, code comments, and workarounds for older Django versions. 2017-11-20 11:35:54 +03:00			`# The authenticate call simply returns None for is_active=False`
			`# users. (Assuming the default ModelBackend authentication`
			`# backend.)`
			`if not user:`
prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings 2015-01-07 15:46:23 +03:00			`msg = _('Unable to log in with provided credentials.')`
Error codes (#4550) Add error codes to `APIException` 2016-10-11 12:25:21 +03:00			`raise serializers.ValidationError(msg, code='authorization')`
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00			`else:`
prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings 2015-01-07 15:46:23 +03:00			`msg = _('Must include "username" and "password".')`
Error codes (#4550) Add error codes to `APIException` 2016-10-11 12:25:21 +03:00			`raise serializers.ValidationError(msg, code='authorization')`
Getting tests passing 2014-09-02 20:41:23 +04:00
			`attrs['user'] = user`
			`return attrs`