From 42a2a5ef876ee2768010e1b35781f8a59f563581 Mon Sep 17 00:00:00 2001
From: Ben Holloway <budlight@gmail.com>
Date: Tue, 17 Sep 2013 22:48:38 +0000
Subject: [PATCH 1/2] added in GET to token auth

---
 rest_framework/authentication.py | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index cf001a24d..87771d076 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -150,19 +150,20 @@ class TokenAuthentication(BaseAuthentication):
     """
 
     def authenticate(self, request):
-        auth = get_authorization_header(request).split()
-
-        if not auth or auth[0].lower() != b'token':
+        parts = get_authorization_header(request).split()
+        if parts:
+            if len(parts) == 1:
+                msg = 'Invalid token header. No credentials provided.'
+                raise exceptions.AuthenticationFailed(msg)
+            elif len(parts) > 2:
+                msg = 'Invalid token header. Token string should not contain spaces.'
+                raise exceptions.AuthenticationFailed(msg)
+            token = parts[1]
+        else:
+            token = request.GET.get('token', '')
+        if not token:
             return None
-
-        if len(auth) == 1:
-            msg = 'Invalid token header. No credentials provided.'
-            raise exceptions.AuthenticationFailed(msg)
-        elif len(auth) > 2:
-            msg = 'Invalid token header. Token string should not contain spaces.'
-            raise exceptions.AuthenticationFailed(msg)
-
-        return self.authenticate_credentials(auth[1])
+        return self.authenticate_credentials(token)
 
     def authenticate_credentials(self, key):
         try:

From d1802b0a9fd073119f3869e8bc979a6eb6da70ed Mon Sep 17 00:00:00 2001
From: Ben Holloway <budlight@gmail.com>
Date: Tue, 17 Sep 2013 23:22:58 +0000
Subject: [PATCH 2/2] show token for token auth on browseable api page

---
 rest_framework/templates/rest_framework/base.html | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/rest_framework/templates/rest_framework/base.html b/rest_framework/templates/rest_framework/base.html
index 2776d5500..a4ba6f2ad 100644
--- a/rest_framework/templates/rest_framework/base.html
+++ b/rest_framework/templates/rest_framework/base.html
@@ -70,6 +70,7 @@
     <!-- Content -->
     <div id="content">
 
+
         {% if 'GET' in allowed_methods %}
             <form id="get-form" class="pull-right">
                 <fieldset>
@@ -111,6 +112,17 @@
         <div class="content-main">
             <div class="page-header"><h1>{{ name }}</h1></div>
             {{ description }}
+            {% if user.auth_token.key %}
+                <input class="input-xxlarge" type="text" value="{{ user.auth_token.key}}" name="key" size="40" onclick="this.select()" />
+                <label class="help-inline" for="key">API Key</label>
+                <span class="help-block">
+                To use Token Authentication append the token into a GET variable named "token" or add
+                to the Authentization header as shown below:
+                </span>
+                <pre class="prettyprint">Authorization: Token {{ user.auth_token.key }}</pre>
+
+            {% endif %}
+
             <div class="request-info" style="clear: both" >
                 <pre class="prettyprint"><b>{{ request.method }}</b> {{ request.get_full_path }}</pre>
             </div>