encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-02-03 05:04:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Complete remove of client checks from oauth2

Browse Source 
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
This commit is contained in:
Fernando Rocha 2013-03-27 19:00:36 -03:00
parent f1b8fee4f1
commit b2cea84fae
3 changed files with 3 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/api-guide/authentication.md
View File

@ -294,7 +294,7 @@ The only thing needed to make the `OAuth2Authentication` class work is to insert
The command line to test the authentication looks like: The command line to test the authentication looks like:
curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/?client_id=YOUR_CLIENT_ID\&client_secret=YOUR_CLIENT_SECRET curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/
--- ---

12
rest_framework/authentication.py
View File

@ -316,19 +316,11 @@ class OAuth2Authentication(BaseAuthentication):
""" """
Authenticate the request, given the access token. Authenticate the request, given the access token.
""" """
client = None
# Authenticate the client
if 'client_id' in request.REQUEST:
oauth2_client_form = oauth2_provider_forms.ClientAuthForm(request.REQUEST)
if not oauth2_client_form.is_valid():
raise exceptions.AuthenticationFailed('Client could not be validated')
client = oauth2_client_form.cleaned_data.get('client')
try: try:
token = oauth2_provider.models.AccessToken.objects.select_related('user') token = oauth2_provider.models.AccessToken.objects.select_related('user')
if client is not None: # TODO: Change to timezone aware datetime when oauth2_provider add
token = token.filter(client=client) # support to it.
token = token.get(token=access_token, expires__gt=datetime.now()) token = token.get(token=access_token, expires__gt=datetime.now())
except oauth2_provider.models.AccessToken.DoesNotExist: except oauth2_provider.models.AccessToken.DoesNotExist:
raise exceptions.AuthenticationFailed('Invalid token') raise exceptions.AuthenticationFailed('Invalid token')

9
rest_framework/tests/authentication.py
View File

@ -499,15 +499,6 @@ class OAuth2Tests(TestCase):
response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth) response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
@unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
def test_get_form_with_wrong_client_data_failing_auth(self):
"""Ensure GETing form over OAuth with incorrect client credentials fails"""
auth = self._create_authorization_header()
params = self._client_credentials_params()
params['client_id'] += 'a'
response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, 401)
@unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed') @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
def test_get_form_passing_auth(self): def test_get_form_passing_auth(self):
"""Ensure GETing form over OAuth with correct client credentials succeed""" """Ensure GETing form over OAuth with correct client credentials succeed"""