encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-08-02 11:30:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Make TokenAuthentication RFC2617 compliant

Browse Source 
RFC2617[0] requires that the scheme in the WWW-Authenticate header is `followed by a comma-separated list of attribute-value pairs which carry the parameters necessary for achieving authentication via that scheme.`. That list must not be empty: `challenge = auth-scheme 1*SP 1#auth-param`.

[0] http://tools.ietf.org/html/rfc2617#section-1.2
This commit is contained in:
Martin Kreichgauer 2013-08-01 13:48:12 +02:00
parent 9e9233f87f
commit b60fb18a33
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rest_framework/authentication.py
View File

@ -142,6 +142,7 @@ class TokenAuthentication(BaseAuthentication):
"""
model = Token
www_authenticate_realm = 'api'
"""
A custom token model may be used, but must have the following properties.
@ -176,7 +177,7 @@ class TokenAuthentication(BaseAuthentication):
return (token.user, token)
def authenticate_header(self, request):
return 'Token'
return 'Token realm="%s"' % self.www_authenticate_realm
class OAuthAuthentication(BaseAuthentication):