encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-04-26 20:13:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/tomchristie/django-rest-framework into up

Browse Source
This commit is contained in:
Asif Saifuddin Auvi 2016-05-03 16:01:40 +06:00
commit 37ad407e64
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rest_framework/authentication.py
View File

@ -4,6 +4,7 @@ Provides various authentication policies.
from __future__ import unicode_literals from __future__ import unicode_literals
import base64 import base64
import binascii
from django.contrib.auth import authenticate, get_user_model from django.contrib.auth import authenticate, get_user_model
from django.middleware.csrf import CsrfViewMiddleware from django.middleware.csrf import CsrfViewMiddleware
@ -77,7 +78,7 @@ class BasicAuthentication(BaseAuthentication):
try: try:
auth_parts = base64.b64decode(auth[1]).decode(HTTP_HEADER_ENCODING).partition(':') auth_parts = base64.b64decode(auth[1]).decode(HTTP_HEADER_ENCODING).partition(':')
except (TypeError, UnicodeDecodeError): except (TypeError, UnicodeDecodeError, binascii.Error):
msg = _('Invalid basic header. Credentials not correctly base64 encoded.') msg = _('Invalid basic header. Credentials not correctly base64 encoded.')
raise exceptions.AuthenticationFailed(msg) raise exceptions.AuthenticationFailed(msg)

8
tests/test_authentication.py
View File

@ -85,6 +85,14 @@ class BasicAuthTests(TestCase):
response = self.csrf_client.post('/basic/', {'example': 'example'}, format='json', HTTP_AUTHORIZATION=auth) response = self.csrf_client.post('/basic/', {'example': 'example'}, format='json', HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_regression_handle_bad_base64_basic_auth_header(self):
"""Ensure POSTing JSON over basic auth with incorrectly padded Base64 string is handled correctly"""
# regression test for issue in 'rest_framework.authentication.BasicAuthentication.authenticate'
# https://github.com/tomchristie/django-rest-framework/issues/4089
auth = 'Basic =a='
response = self.csrf_client.post('/basic/', {'example': 'example'}, format='json', HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_form_failing_basic_auth(self): def test_post_form_failing_basic_auth(self):
"""Ensure POSTing form over basic auth without correct credentials fails""" """Ensure POSTing form over basic auth without correct credentials fails"""
response = self.csrf_client.post('/basic/', {'example': 'example'}) response = self.csrf_client.post('/basic/', {'example': 'example'})