encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-11-04 09:57:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix bug with inactive user accessing OAuth

Browse Source
This commit is contained in:
Tom Christie 2013-04-03 09:20:36 +01:00
parent 399ac70b83
commit 74fbd5ccc5
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
rest_framework/authentication.py
View File

@ -10,7 +10,7 @@ from django.core.exceptions import ImproperlyConfigured
from rest_framework import exceptions, HTTP_HEADER_ENCODING from rest_framework import exceptions, HTTP_HEADER_ENCODING
from rest_framework.compat import CsrfViewMiddleware from rest_framework.compat import CsrfViewMiddleware
from rest_framework.compat import oauth, oauth_provider, oauth_provider_store from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
from rest_framework.compat import oauth2_provider, oauth2_provider_forms from rest_framework.compat import oauth2_provider
from rest_framework.authtoken.models import Token from rest_framework.authtoken.models import Token
@ -325,11 +325,13 @@ class OAuth2Authentication(BaseAuthentication):
except oauth2_provider.models.AccessToken.DoesNotExist: except oauth2_provider.models.AccessToken.DoesNotExist:
raise exceptions.AuthenticationFailed('Invalid token') raise exceptions.AuthenticationFailed('Invalid token')
if not token.user.is_active: user = token.user
if not user.is_active:
msg = 'User inactive or deleted: %s' % user.username msg = 'User inactive or deleted: %s' % user.username
raise exceptions.AuthenticationFailed(msg) raise exceptions.AuthenticationFailed(msg)
return (token.user, token) return (user, token)
def authenticate_header(self, request): def authenticate_header(self, request):
""" """