Use "Token" as the scheme for token auth

2025-10-31 07:57:55 +03:00 · 2012-09-07 14:07:35 -04:00 · 2012-09-07 14:07:35 -04:00 · 7f98741939
commit 7f98741939
parent 5a3874ee11
2 changed files with 15 additions and 12 deletions
--- a/djangorestframework/tests/authentication.py
+++ b/djangorestframework/tests/authentication.py
@ -127,13 +127,13 @@ class TokenAuthTests(TestCase):

    def test_post_form_passing_token_auth(self):
        """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF"""
-        auth = self.key
+        auth = 'Token %s' % self.key
        response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
        self.assertEqual(response.status_code, 200)

    def test_post_json_passing_token_auth(self):
        """Ensure POSTing form over token auth with correct credentials passes and does not require CSRF"""
-        auth = self.key
+        auth = 'Token %s' % self.key
        response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth)
        self.assertEqual(response.status_code, 200)

--- a/djangorestframework/tokenauth/authentication.py
+++ b/djangorestframework/tokenauth/authentication.py
@ -15,19 +15,22 @@ class TokenAuthentication(BaseAuthentication):
    The BaseToken class is available as an abstract model to be derived from.

    The token key should be passed in as a string to the "Authorization" HTTP
-    header.
+    header.  For example:
+
+        Authorization: Token 0123456789abcdef0123456789abcdef
+
    """
    model = Token

    def authenticate(self, request):
-        key = request.META.get('HTTP_AUTHORIZATION', '').strip()
-        if not key:
-            return None
+        auth = request.META.get('HTTP_AUTHORIZATION', '').strip().split()
+        if len(auth) == 2 and auth[0].lower() == "token":
+            key = auth[1]

-        try:
-             token = self.model.objects.get(key=key)
-        except self.model.DoesNotExist:
-             return None
+            try:
+                 token = self.model.objects.get(key=key)
+            except self.model.DoesNotExist:
+                 return None

-        if token.user.is_active and not token.revoked:
-            return (token.user, token)
+            if token.user.is_active and not token.revoked:
+                return (token.user, token)