encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-02-03 13:14:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

update invalid token case

Browse Source
This commit is contained in:
S. Andrew Sheppard 2016-01-05 09:42:22 -06:00
parent ff29fdd875
commit 1712c00001
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
rest_framework/authentication.py
View File

@ -185,9 +185,10 @@ class TokenAuthentication(BaseAuthentication):
return self.authenticate_credentials(token)
def authenticate_credentials(self, key):
model = self.get_model()
try:
token = self.get_model().objects.select_related('user').get(key=key)
except self.model.DoesNotExist:
token = model.objects.select_related('user').get(key=key)
except model.DoesNotExist:
raise exceptions.AuthenticationFailed(_('Invalid token.'))
if not token.user.is_active:

6
tests/test_authentication.py
View File

@ -162,6 +162,12 @@ class TokenAuthTests(TestCase):
response = self.csrf_client.post('/token/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_fail_post_form_passing_nonexistent_token_auth(self):
# use a nonexistent token key
auth = 'Token wxyz6789'
response = self.csrf_client.post('/token/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_fail_post_form_passing_invalid_token_auth(self):
# add an 'invalid' unicode character
auth = 'Token ' + self.key + "¸"