Complete remove of client checks from oauth2

Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2025-01-23 15:54:16 +03:00 · 2013-03-27 19:00:36 -03:00 · 2013-03-27 19:00:36 -03:00 · b2cea84fae
commit b2cea84fae
parent f1b8fee4f1
3 changed files with 3 additions and 20 deletions
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@ -294,7 +294,7 @@ The only thing needed to make the `OAuth2Authentication` class work is to insert

 The command line to test the authentication looks like:

-    curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/?client_id=YOUR_CLIENT_ID\&client_secret=YOUR_CLIENT_SECRET
+    curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/

 ---

--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@ -316,19 +316,11 @@ class OAuth2Authentication(BaseAuthentication):
        """
        Authenticate the request, given the access token.
        """
-        client = None
-
-        # Authenticate the client
-        if 'client_id' in request.REQUEST:
-            oauth2_client_form = oauth2_provider_forms.ClientAuthForm(request.REQUEST)
-            if not oauth2_client_form.is_valid():
-                raise exceptions.AuthenticationFailed('Client could not be validated')
-            client = oauth2_client_form.cleaned_data.get('client')

        try:
            token = oauth2_provider.models.AccessToken.objects.select_related('user')
-            if client is not None:
-                token = token.filter(client=client)
+            # TODO: Change to timezone aware datetime when oauth2_provider add
+            # support to it.
            token = token.get(token=access_token, expires__gt=datetime.now())
        except oauth2_provider.models.AccessToken.DoesNotExist:
            raise exceptions.AuthenticationFailed('Invalid token')
--- a/rest_framework/tests/authentication.py
+++ b/rest_framework/tests/authentication.py
@ -499,15 +499,6 @@ class OAuth2Tests(TestCase):
        response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth)
        self.assertEqual(response.status_code, 401)

-    @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
-    def test_get_form_with_wrong_client_data_failing_auth(self):
-        """Ensure GETing form over OAuth with incorrect client credentials fails"""
-        auth = self._create_authorization_header()
-        params = self._client_credentials_params()
-        params['client_id'] += 'a'
-        response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth)
-        self.assertEqual(response.status_code, 401)
-
    @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
    def test_get_form_passing_auth(self):
        """Ensure GETing form over OAuth with correct client credentials succeed"""