django-rest-framework/rest_framework/authtoken/serializers.py

from django.utils.translation import ugettext_lazy as _

from rest_framework import serializers
from rest_framework.compat import authenticate


class AuthTokenSerializer(serializers.Serializer):
    username = serializers.CharField(label=_("Username"))
    password = serializers.CharField(
        label=_("Password"),
        style={'input_type': 'password'},
        trim_whitespace=False
    )

    def validate(self, attrs):
        username = attrs.get('username')
        password = attrs.get('password')

        if username and password:
            user = authenticate(request=self.context.get('request'),
                                username=username, password=password)

            if user:
                # From Django 1.10 onwards the `authenticate` call simply
                # returns `None` for is_active=False users.
                # (Assuming the default `ModelBackend` authentication backend.)
                if not user.is_active:
                    msg = _('User account is disabled.')
                    raise serializers.ValidationError(msg, code='authorization')
            else:
                msg = _('Unable to log in with provided credentials.')
                raise serializers.ValidationError(msg, code='authorization')
        else:
            msg = _('Must include "username" and "password".')
            raise serializers.ValidationError(msg, code='authorization')

        attrs['user'] = user
        return attrs
Mark strings in AuthTokenSerializer as translatable 2014-05-01 13:18:16 +04:00			`from django.utils.translation import ugettext_lazy as _`

Use serializers.ValidationError Per django rest framework docs, and to prevent confusion with Django's ValidationError, `serializers.ValidationError` is preferred to `exceptions.ValidationError`. 2015-10-01 05:09:37 +03:00			`from rest_framework import serializers`
Call Django's authenticate function with the request object (#5295) As of Django 1.11 the `authenticate` function accepts a request as an additional argument. This commit fixes compatibility between newer Django versions and custom authentication backends which already depend on the request object. See also: [Django 1.11 release](https://docs.djangoproject.com/en/1.11/releases/1.11/) ``` authenticate() now passes a request argument to the authenticate() method of authentication backends. Support for methods that don’t accept request as the first positional argument will be removed in Django 2.1. ``` 2017-10-05 12:43:49 +03:00			`from rest_framework.compat import authenticate`
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00
Reverted #458 When incorrect parameters are supplied to the obtain auth token view 400 is the correct response. 2012-12-08 02:25:16 +04:00
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00			`class AuthTokenSerializer(serializers.Serializer):`
enhancement #3886 Internationalization in admin interface rest_framework.authtoken + verbose_name in models.Token fields + Meta-options verbose_name & verbose_name_plural + Labels in AuthTokenSerializer fields in case of usages in Brousable API + provide AppConfig class as described in django documentation with verbose_name came through ugettext_lazy 2016-02-01 11:20:16 +03:00			`username = serializers.CharField(label=_("Username"))`
Lint 2017-05-17 22:17:55 +03:00			`password = serializers.CharField(`
			`label=_("Password"),`
			`style={'input_type': 'password'},`
			`trim_whitespace=False`
			`)`
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00
			`def validate(self, attrs):`
			`username = attrs.get('username')`
			`password = attrs.get('password')`

			`if username and password:`
Call Django's authenticate function with the request object (#5295) As of Django 1.11 the `authenticate` function accepts a request as an additional argument. This commit fixes compatibility between newer Django versions and custom authentication backends which already depend on the request object. See also: [Django 1.11 release](https://docs.djangoproject.com/en/1.11/releases/1.11/) ``` authenticate() now passes a request argument to the authenticate() method of authentication backends. Support for methods that don’t accept request as the first positional argument will be removed in Django 2.1. ``` 2017-10-05 12:43:49 +03:00			`user = authenticate(request=self.context.get('request'),`
			`username=username, password=password)`
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00
			`if user:`
Version 3.5 (#4525) * Start test case * Added 'requests' test client * Address typos * Graceful fallback if requests is not installed. * Add cookie support * Tests for auth and CSRF * Py3 compat * py3 compat * py3 compat * Add get_requests_client * Added SchemaGenerator.should_include_link * add settings for html cutoff on related fields * Router doesn't work if prefix is blank, though project urls.py handles prefix * Fix Django 1.10 to-many deprecation * Add django.core.urlresolvers compatibility * Update django-filter & django-guardian * Check for empty router prefix; adjust URL accordingly It's easiest to fix this issue after we have made the regex. To try to fix it before would require doing something different for List vs Detail, which means we'd have to know which type of url we're constructing before acting accordingly. * Fix misc django deprecations * Use TOC extension instead of header * Fix deprecations for py3k * Add py3k compatibility to is_simple_callable * Add is_simple_callable tests * Drop python 3.2 support (EOL, Dropped by Django) * schema_renderers= should set the renderers, not append to them. * API client (#4424) * Fix release notes * Add note about 'User account is disabled.' vs 'Unable to log in' * Clean up schema generation (#4527) * Handle multiple methods on custom action (#4529) * RequestsClient, CoreAPIClient * exclude_from_schema * Added 'get_schema_view()' shortcut * Added schema descriptions * Better descriptions for schemas * Add type annotation to schema generation * Coerce schema 'pk' in path to actual field name * Deprecations move into assertion errors * Use get_schema_view in tests * Updte CoreJSON media type * Handle schema structure correctly when path prefixs exist. Closes #4401 * Add PendingDeprecation to Router schema generation. * Added SCHEMA_COERCE_PATH_PK and SCHEMA_COERCE_METHOD_NAMES * Renamed and documented 'get_schema_fields' interface. 2016-10-10 15:03:46 +03:00			# From Django 1.10 onwards the `authenticate` call simply
			# returns `None` for is_active=False users.
			# (Assuming the default `ModelBackend` authentication backend.)
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00			`if not user.is_active:`
prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings 2015-01-07 15:46:23 +03:00			`msg = _('User account is disabled.')`
Error codes (#4550) Add error codes to `APIException` 2016-10-11 12:25:21 +03:00			`raise serializers.ValidationError(msg, code='authorization')`
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00			`else:`
prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings 2015-01-07 15:46:23 +03:00			`msg = _('Unable to log in with provided credentials.')`
Error codes (#4550) Add error codes to `APIException` 2016-10-11 12:25:21 +03:00			`raise serializers.ValidationError(msg, code='authorization')`
Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. 2012-11-11 04:09:14 +04:00			`else:`
prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings 2015-01-07 15:46:23 +03:00			`msg = _('Must include "username" and "password".')`
Error codes (#4550) Add error codes to `APIException` 2016-10-11 12:25:21 +03:00			`raise serializers.ValidationError(msg, code='authorization')`
Getting tests passing 2014-09-02 20:41:23 +04:00
			`attrs['user'] = user`
			`return attrs`