From 7eec582d406b9b366f9d364b53d1fc509831d9b4 Mon Sep 17 00:00:00 2001
From: Pavel Savchenko <pasha.savchenko@gmail.com>
Date: Wed, 28 Nov 2012 17:04:36 +0200
Subject: [PATCH 1/3] Better to return 401 when failing to authenticate

---
 rest_framework/authtoken/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rest_framework/authtoken/views.py b/rest_framework/authtoken/views.py
index 3ac674e28..cfaacbe9a 100644
--- a/rest_framework/authtoken/views.py
+++ b/rest_framework/authtoken/views.py
@@ -18,7 +18,7 @@ class ObtainAuthToken(APIView):
         if serializer.is_valid():
             token, created = Token.objects.get_or_create(user=serializer.object['user'])
             return Response({'token': token.key})
-        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+        return Response(serializer.errors, status=status.HTTP_401_UNAUTHORIZED)
 
 
 obtain_auth_token = ObtainAuthToken.as_view()

From 19f67bd578ecd15ab057c6aff8a9cc788a459d10 Mon Sep 17 00:00:00 2001
From: Pavel Savchenko <pasha.savchenko@gmail.com>
Date: Wed, 28 Nov 2012 23:05:33 +0200
Subject: [PATCH 2/3] also update test with response code 401

---
 rest_framework/tests/authentication.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rest_framework/tests/authentication.py b/rest_framework/tests/authentication.py
index 96ca9f52c..d12e6e2ae 100644
--- a/rest_framework/tests/authentication.py
+++ b/rest_framework/tests/authentication.py
@@ -167,7 +167,7 @@ class TokenAuthTests(TestCase):
         client = Client(enforce_csrf_checks=True)
         response = client.post('/auth-token/login/', 
                                json.dumps({'username': self.username, 'password': "badpass"}), 'application/json')
-        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.status_code, 401)
 
     def test_token_login_json_missing_fields(self):
         """Ensure token login view using JSON POST fails if missing fields."""

From 1b9d0eefba07cb3567ad7dbeb72c4c3b3c1f0de3 Mon Sep 17 00:00:00 2001
From: Pavel Savchenko <pasha.savchenko@gmail.com>
Date: Thu, 29 Nov 2012 09:35:22 +0200
Subject: [PATCH 3/3] fix forgotten 400 test

---
 rest_framework/tests/authentication.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rest_framework/tests/authentication.py b/rest_framework/tests/authentication.py
index d12e6e2ae..802bc6c1f 100644
--- a/rest_framework/tests/authentication.py
+++ b/rest_framework/tests/authentication.py
@@ -174,7 +174,7 @@ class TokenAuthTests(TestCase):
         client = Client(enforce_csrf_checks=True)
         response = client.post('/auth-token/login/', 
                                json.dumps({'username': self.username}), 'application/json')
-        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.status_code, 401)
 
     def test_token_login_form(self):
         """Ensure token login view using form POST works."""