From f1a384b61bdfe61bc45e71b25089609043c3d069 Mon Sep 17 00:00:00 2001 From: Raphael Gyory Date: Wed, 6 Apr 2016 16:58:15 +0200 Subject: [PATCH 1/4] Add Django Rest Messaging in Third party packages --- docs/topics/third-party-resources.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/topics/third-party-resources.md b/docs/topics/third-party-resources.md index c4ac88255..a12a24616 100644 --- a/docs/topics/third-party-resources.md +++ b/docs/topics/third-party-resources.md @@ -253,6 +253,7 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque * [django-rest-framework-braces][django-rest-framework-braces] - Collection of utilities for working with Django Rest Framework. The most notable ones are [FormSerializer](https://django-rest-framework-braces.readthedocs.org/en/latest/overview.html#formserializer) and [SerializerForm](https://django-rest-framework-braces.readthedocs.org/en/latest/overview.html#serializerform), which are adapters between DRF serializers and Django forms. * [drf-haystack][drf-haystack] - Haystack search for Django Rest Framework * [django-rest-framework-version-transforms][django-rest-framework-version-transforms] - Enables the use of delta transformations for versioning of DRF resource representations. +* [django-rest-messaging][django-rest-messaging], [django-rest-messaging-centrifugo][django-rest-messaging-centrifugo] and [django-rest-messaging-js][django-rest-messaging-js] - A real-time pluggable messaging service using DRM. ## Other Resources From b8701015818494109441310a5a88ebea901d2086 Mon Sep 17 00:00:00 2001 From: Raphael Gyory Date: Wed, 6 Apr 2016 17:00:26 +0200 Subject: [PATCH 2/4] Update third-party-resources.md --- docs/topics/third-party-resources.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/topics/third-party-resources.md b/docs/topics/third-party-resources.md index a12a24616..cc29c4334 100644 --- a/docs/topics/third-party-resources.md +++ b/docs/topics/third-party-resources.md @@ -358,3 +358,6 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque [django-rest-framework-version-transforms]: https://github.com/mrhwick/django-rest-framework-version-transforms [djangorestframework-jsonapi]: https://github.com/django-json-api/django-rest-framework-json-api [html-json-forms]: https://github.com/wq/html-json-forms +[django-rest-messaging]: https://github.com/raphaelgyory/django-rest-messaging +[django-rest-messaging-centrifugo]: https://github.com/raphaelgyory/django-rest-messaging-centrifugo +[django-rest-messaging-js]: https://github.com/raphaelgyory/django-rest-messaging-js From 78e4ea0d6e88a7b355ec3e790ef0e8f95859ca2d Mon Sep 17 00:00:00 2001 From: Jonathan Liuti Date: Thu, 7 Apr 2016 17:24:26 +0200 Subject: [PATCH 3/4] No auth view failing permission should raise 403 A view with no `authentication_classes` set and that fails a permission check should raise a 403 with the message from the failing permission. --- rest_framework/views.py | 2 +- tests/test_authentication.py | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/rest_framework/views.py b/rest_framework/views.py index c13e74447..41d108e53 100644 --- a/rest_framework/views.py +++ b/rest_framework/views.py @@ -162,7 +162,7 @@ class APIView(View): """ If request is not permitted, determine what kind of exception to raise. """ - if not request.successful_authenticator: + if request.authenticators and not request.successful_authenticator: raise exceptions.NotAuthenticated() raise exceptions.PermissionDenied(detail=message) diff --git a/tests/test_authentication.py b/tests/test_authentication.py index 285a3210c..70eea3132 100644 --- a/tests/test_authentication.py +++ b/tests/test_authentication.py @@ -321,3 +321,28 @@ class FailingAuthAccessedInRenderer(TestCase): response = self.view(request) content = response.render().content self.assertEqual(content, b'not authenticated') + + +class NoAuthenticationClassesTests(TestCase): + def test_permission_message_with_no_authentication_classes(self): + """ + An unauthenticated request made against a view that containes no + `authentication_classes` but do contain `permissions_classes` the error + code returned should be 403 with the exception's message. + """ + + class DummyPermission(permissions.BasePermission): + message = 'Dummy permission message' + + def has_permission(self, request, view): + return False + + request = factory.get('/') + view = MockView.as_view( + authentication_classes=(), + permission_classes=(DummyPermission,), + ) + response = view(request) + self.assertEqual(response.status_code, + status.HTTP_403_FORBIDDEN) + self.assertEqual(response.data, {'detail': 'Dummy permission message'}) From 019c6db759ed5aa765c26a895bbcc6953e62f423 Mon Sep 17 00:00:00 2001 From: Xavier Ordoquy Date: Thu, 7 Apr 2016 17:34:27 +0200 Subject: [PATCH 4/4] Fix the string_types / text_types confusion introduced in #4025 (#4035) --- rest_framework/authentication.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py index 23ef49d69..eb8140643 100644 --- a/rest_framework/authentication.py +++ b/rest_framework/authentication.py @@ -7,7 +7,7 @@ import base64 from django.contrib.auth import authenticate, get_user_model from django.middleware.csrf import CsrfViewMiddleware -from django.utils.six import string_types +from django.utils.six import text_types from django.utils.translation import ugettext_lazy as _ from rest_framework import HTTP_HEADER_ENCODING, exceptions @@ -20,7 +20,7 @@ def get_authorization_header(request): Hide some test client ickyness where the header can be unicode. """ auth = request.META.get('HTTP_AUTHORIZATION', b'') - if isinstance(auth, string_types): + if isinstance(auth, text_types): # Work around django test client oddness auth = auth.encode(HTTP_HEADER_ENCODING) return auth