encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-07-29 17:39:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge b2cea84fae into 9b56616750

Browse Source
This commit is contained in:
Fernando Rocha 2013-03-27 15:01:46 -07:00
commit 3b5280de00
3 changed files with 24 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/api-guide/authentication.md
View File

@ -294,7 +294,7 @@ The only thing needed to make the `OAuth2Authentication` class work is to insert
The command line to test the authentication looks like: The command line to test the authentication looks like:
curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/?client_id=YOUR_CLIENT_ID\&client_secret=YOUR_CLIENT_SECRET curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/
--- ---

26
rest_framework/authentication.py
View File

@ -2,14 +2,16 @@
Provides a set of pluggable authentication policies. Provides a set of pluggable authentication policies.
""" """
from __future__ import unicode_literals from __future__ import unicode_literals
import base64
from datetime import datetime
from django.contrib.auth import authenticate from django.contrib.auth import authenticate
from django.core.exceptions import ImproperlyConfigured from django.core.exceptions import ImproperlyConfigured
from rest_framework import exceptions, HTTP_HEADER_ENCODING from rest_framework import exceptions, HTTP_HEADER_ENCODING
from rest_framework.compat import CsrfViewMiddleware from rest_framework.compat import CsrfViewMiddleware
from rest_framework.compat import oauth, oauth_provider, oauth_provider_store from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
from rest_framework.compat import oauth2_provider, oauth2_provider_forms, oauth2_provider_backends from rest_framework.compat import oauth2_provider, oauth2_provider_forms
from rest_framework.authtoken.models import Token from rest_framework.authtoken.models import Token
import base64
def get_authorization_header(request): def get_authorization_header(request):
@ -315,21 +317,15 @@ class OAuth2Authentication(BaseAuthentication):
Authenticate the request, given the access token. Authenticate the request, given the access token.
""" """
# Authenticate the client try:
oauth2_client_form = oauth2_provider_forms.ClientAuthForm(request.REQUEST) token = oauth2_provider.models.AccessToken.objects.select_related('user')
if not oauth2_client_form.is_valid(): # TODO: Change to timezone aware datetime when oauth2_provider add
raise exceptions.AuthenticationFailed('Client could not be validated') # support to it.
client = oauth2_client_form.cleaned_data.get('client') token = token.get(token=access_token, expires__gt=datetime.now())
except oauth2_provider.models.AccessToken.DoesNotExist:
# Retrieve the `OAuth2AccessToken` instance from the access_token
auth_backend = oauth2_provider_backends.AccessTokenBackend()
token = auth_backend.authenticate(access_token, client)
if token is None:
raise exceptions.AuthenticationFailed('Invalid token') raise exceptions.AuthenticationFailed('Invalid token')
user = token.user if not token.user.is_active:
if not user.is_active:
msg = 'User inactive or deleted: %s' % user.username msg = 'User inactive or deleted: %s' % user.username
raise exceptions.AuthenticationFailed(msg) raise exceptions.AuthenticationFailed(msg)

21
rest_framework/tests/authentication.py
View File

@ -499,15 +499,6 @@ class OAuth2Tests(TestCase):
response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth) response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
@unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
def test_get_form_with_wrong_client_data_failing_auth(self):
"""Ensure GETing form over OAuth with incorrect client credentials fails"""
auth = self._create_authorization_header()
params = self._client_credentials_params()
params['client_id'] += 'a'
response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, 401)
@unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed') @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
def test_get_form_passing_auth(self): def test_get_form_passing_auth(self):
"""Ensure GETing form over OAuth with correct client credentials succeed""" """Ensure GETing form over OAuth with correct client credentials succeed"""
@ -516,6 +507,18 @@ class OAuth2Tests(TestCase):
response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth) response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
@unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
def test_get_form_passing_auth_without_client_params(self):
"""
Ensure GETing form over OAuth without client credentials
Regression test for issue #759:
https://github.com/tomchristie/django-rest-framework/issues/759
"""
auth = self._create_authorization_header()
response = self.csrf_client.get('/oauth2-test/', HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, 200)
@unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed') @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
def test_post_form_passing_auth(self): def test_post_form_passing_auth(self):
"""Ensure POSTing form over OAuth with correct credentials passes and does not require CSRF""" """Ensure POSTing form over OAuth with correct credentials passes and does not require CSRF"""