From 4a2526bd1e067104a1553a3e158016fe9ad285bb Mon Sep 17 00:00:00 2001
From: Rob Romano <rromano@gmail.com>
Date: Sat, 10 Nov 2012 16:09:14 -0800
Subject: [PATCH] Added authtoken login/logout urlpatterns and views to support
 scripted logins and logouts using TokenAuthentication. Added unittests.

---
 rest_framework/authtoken/serializers.py | 37 +++++++++++++++++++++++++
 rest_framework/authtoken/urls.py        | 21 ++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 rest_framework/authtoken/serializers.py
 create mode 100644 rest_framework/authtoken/urls.py

diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py
new file mode 100644
index 000000000..8e0128c14
--- /dev/null
+++ b/rest_framework/authtoken/serializers.py
@@ -0,0 +1,37 @@
+from django.contrib.auth import authenticate
+
+from rest_framework import serializers
+from rest_framework.authtoken.models import Token
+
+
+class AuthTokenSerializer(serializers.Serializer):
+    token = serializers.Field(source="key")
+    username = serializers.CharField(max_length=30)
+    password = serializers.CharField()
+
+    def validate(self, attrs):
+        username = attrs.get('username')
+        password = attrs.get('password')
+
+        if username and password:
+            user = authenticate(username=username, password=password)
+
+            if user:
+                if not user.is_active:
+                    raise serializers.ValidationError('User account is disabled.')
+                attrs['user'] = user
+                return attrs
+            else:
+                raise serializers.ValidationError('Unable to login with provided credentials.')
+        else:
+            raise serializers.ValidationError('Must include "username" and "password"')
+
+    def convert_object(self, obj):
+        ret = self._dict_class()
+        ret['token'] = obj.key
+        ret['user'] = obj.user.id
+        return ret
+
+    def restore_object(self, attrs, instance=None):
+        token, created = Token.objects.get_or_create(user=attrs['user'])
+        return token
diff --git a/rest_framework/authtoken/urls.py b/rest_framework/authtoken/urls.py
new file mode 100644
index 000000000..2a3e81150
--- /dev/null
+++ b/rest_framework/authtoken/urls.py
@@ -0,0 +1,21 @@
+"""
+Login and logout views for token authentication.
+
+Add these to your root URLconf if you're using token authentication
+your API requires authentication.
+
+The urls must be namespaced as 'rest_framework', and you should make sure
+your authentication settings include `TokenAuthentication`.
+
+    urlpatterns = patterns('',
+        ...
+        url(r'^auth-token', include('rest_framework.authtoken.urls', namespace='rest_framework'))
+    )
+"""
+from django.conf.urls.defaults import patterns, url
+from rest_framework.authtoken.views import AuthTokenView
+
+urlpatterns = patterns('rest_framework.authtoken.views',
+    url(r'^login/$', AuthTokenView.as_view(), name='token_login'),
+#    url(r'^logout/$', 'token_logout', name='token_logout'),
+)