Merge d1802b0a9f into eb0a98ad4b

2025-08-02 11:30:12 +03:00 · 2013-09-18 05:32:27 -07:00 · 2013-09-18 05:32:27 -07:00 · 9bb7276083
commit 9bb7276083
parent eb0a98ad4b d1802b0a9f
2 changed files with 25 additions and 12 deletions
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@ -150,19 +150,20 @@ class TokenAuthentication(BaseAuthentication):
    """

    def authenticate(self, request):
-        auth = get_authorization_header(request).split()
-
-        if not auth or auth[0].lower() != b'token':
+        parts = get_authorization_header(request).split()
+        if parts:
+            if len(parts) == 1:
+                msg = 'Invalid token header. No credentials provided.'
+                raise exceptions.AuthenticationFailed(msg)
+            elif len(parts) > 2:
+                msg = 'Invalid token header. Token string should not contain spaces.'
+                raise exceptions.AuthenticationFailed(msg)
+            token = parts[1]
+        else:
+            token = request.GET.get('token', '')
+        if not token:
            return None
-
-        if len(auth) == 1:
-            msg = 'Invalid token header. No credentials provided.'
-            raise exceptions.AuthenticationFailed(msg)
-        elif len(auth) > 2:
-            msg = 'Invalid token header. Token string should not contain spaces.'
-            raise exceptions.AuthenticationFailed(msg)
-
-        return self.authenticate_credentials(auth[1])
+        return self.authenticate_credentials(token)

    def authenticate_credentials(self, key):
        try:
--- a/rest_framework/templates/rest_framework/base.html
+++ b/rest_framework/templates/rest_framework/base.html
@ -70,6 +70,7 @@
    <!-- Content -->
    <div id="content">

+
        {% if 'GET' in allowed_methods %}
            <form id="get-form" class="pull-right">
                <fieldset>
@ -111,6 +112,17 @@
        <div class="content-main">
            <div class="page-header"><h1>{{ name }}</h1></div>
            {{ description }}
+            {% if user.auth_token.key %}
+                <input class="input-xxlarge" type="text" value="{{ user.auth_token.key}}" name="key" size="40" onclick="this.select()" />
+                <label class="help-inline" for="key">API Key</label>
+                <span class="help-block">
+                To use Token Authentication append the token into a GET variable named "token" or add
+                to the Authentization header as shown below:
+                </span>
+                <pre class="prettyprint">Authorization: Token {{ user.auth_token.key }}</pre>
+
+            {% endif %}
+
            <div class="request-info" style="clear: both" >
                <pre class="prettyprint"><b>{{ request.method }}</b> {{ request.get_full_path }}</pre>
            </div>