Updates to login view for TokenAuthentication from feedback from Tom

2024-11-11 12:17:24 +03:00 · 2012-11-12 15:16:53 -08:00 · 2012-11-12 15:16:53 -08:00 · 8eb37e1f7e
commit 8eb37e1f7e
parent 063c027c7b
4 changed files with 24 additions and 48 deletions
--- a/rest_framework/authtoken/serializers.py
+++ b/rest_framework/authtoken/serializers.py
@ -1,12 +1,8 @@
 from django.contrib.auth import authenticate
-
 from rest_framework import serializers
-from rest_framework.authtoken.models import Token
-

 class AuthTokenSerializer(serializers.Serializer):
-    token = serializers.Field(source="key")
-    username = serializers.CharField(max_length=30)
+    username = serializers.CharField()
    password = serializers.CharField()

    def validate(self, attrs):
@ -26,12 +22,3 @@ class AuthTokenSerializer(serializers.Serializer):
        else:
            raise serializers.ValidationError('Must include "username" and "password"')

-    def convert_object(self, obj):
-        ret = self._dict_class()
-        ret['token'] = obj.key
-        ret['user'] = obj.user.id
-        return ret
-
-    def restore_object(self, attrs, instance=None):
-        token, created = Token.objects.get_or_create(user=attrs['user'])
-        return token
--- a/rest_framework/authtoken/urls.py
+++ b/rest_framework/authtoken/urls.py
@ -13,9 +13,8 @@ your authentication settings include `TokenAuthentication`.
    )
 """
 from django.conf.urls.defaults import patterns, url
-from rest_framework.authtoken.views import AuthTokenLoginView, AuthTokenLogoutView
+from rest_framework.authtoken.views import AuthTokenView

 urlpatterns = patterns('rest_framework.authtoken.views',
-    url(r'^login/$', AuthTokenLoginView.as_view(), name='token_login'),
-    url(r'^logout/$', AuthTokenLogoutView.as_view(), name='token_logout'),
+    url(r'^login/$', AuthTokenView.as_view(), name='token_login'),
 )
--- a/rest_framework/authtoken/views.py
+++ b/rest_framework/authtoken/views.py
@ -1,19 +1,22 @@
 from rest_framework.views import APIView
-from rest_framework.generics import CreateAPIView
+from rest_framework import status
+from rest_framework import parsers
+from rest_framework import renderers
+from rest_framework.response import Response
 from rest_framework.authtoken.models import Token
 from rest_framework.authtoken.serializers import AuthTokenSerializer
-from django.http import HttpResponse

-class AuthTokenLoginView(CreateAPIView):
+class AuthTokenView(APIView):
+    throttle_classes = ()
+    permission_classes = ()
+    parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,)
+    renderer_classes = (renderers.JSONRenderer,) 
    model = Token
-    serializer_class = AuthTokenSerializer

-
-class AuthTokenLogoutView(APIView):
    def post(self, request):
-        if request.user.is_authenticated() and request.auth:
-            request.auth.delete()
-            return HttpResponse("logged out")
-        else:
-            return HttpResponse("not logged in")
+        serializer = AuthTokenSerializer(data=request.DATA)
+        if serializer.is_valid():
+            token, created = Token.objects.get_or_create(user=serializer.object['user'])
+            return Response({'token': token.key})
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

--- a/rest_framework/tests/authentication.py
+++ b/rest_framework/tests/authentication.py
@ -159,7 +159,7 @@ class TokenAuthTests(TestCase):
        client = Client(enforce_csrf_checks=True)
        response = client.post('/auth-token/login/', 
                               json.dumps({'username': self.username, 'password': self.password}), 'application/json')
-        self.assertEqual(response.status_code, 201)
+        self.assertEqual(response.status_code, 200)
        self.assertEqual(json.loads(response.content)['token'], self.key)

    def test_token_login_json_bad_creds(self):
@ -181,18 +181,5 @@ class TokenAuthTests(TestCase):
        client = Client(enforce_csrf_checks=True)
        response = client.post('/auth-token/login/', 
                               {'username': self.username, 'password': self.password})
-        self.assertEqual(response.status_code, 201)
-        self.assertEqual(json.loads(response.content)['token'], self.key)
-
-    def test_token_logout(self):
-        """Ensure token logout view using JSON POST works."""
-        # Use different User and Token as to isolate this test's effects on other unittests in class
-        username = "ringo"
-        user = User.objects.create_user(username, "starr@thebeatles.com", "pass")
-        token = Token.objects.create(user=user)
-        auth = "Token " + token.key
-        client = Client(enforce_csrf_checks=True)
-        response = client.post('/auth-token/logout/', HTTP_AUTHORIZATION=auth)
        self.assertEqual(response.status_code, 200)
-        # Ensure token no longer exists
-        self.assertRaises(Token.DoesNotExist, lambda token: Token.objects.get(key=token.key), token)
+        self.assertEqual(json.loads(response.content)['token'], self.key)