From c911d54ae3769243fe6c74c29b5d16c7ac6efa10 Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Fri, 7 Dec 2012 22:25:16 +0000
Subject: [PATCH] Reverted #458

When incorrect parameters are supplied to the obtain auth token view
400 *is* the correct response.
---
 rest_framework/authtoken/serializers.py |  2 +-
 rest_framework/authtoken/views.py       |  5 +++--
 rest_framework/tests/authentication.py  | 16 ++++++++--------
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py
index a5ed6e6d7..60a3740e7 100644
--- a/rest_framework/authtoken/serializers.py
+++ b/rest_framework/authtoken/serializers.py
@@ -1,6 +1,7 @@
 from django.contrib.auth import authenticate
 from rest_framework import serializers
 
+
 class AuthTokenSerializer(serializers.Serializer):
     username = serializers.CharField()
     password = serializers.CharField()
@@ -21,4 +22,3 @@ class AuthTokenSerializer(serializers.Serializer):
                 raise serializers.ValidationError('Unable to login with provided credentials.')
         else:
             raise serializers.ValidationError('Must include "username" and "password"')
-
diff --git a/rest_framework/authtoken/views.py b/rest_framework/authtoken/views.py
index cfaacbe9a..d318c7233 100644
--- a/rest_framework/authtoken/views.py
+++ b/rest_framework/authtoken/views.py
@@ -6,11 +6,12 @@ from rest_framework.response import Response
 from rest_framework.authtoken.models import Token
 from rest_framework.authtoken.serializers import AuthTokenSerializer
 
+
 class ObtainAuthToken(APIView):
     throttle_classes = ()
     permission_classes = ()
     parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,)
-    renderer_classes = (renderers.JSONRenderer,) 
+    renderer_classes = (renderers.JSONRenderer,)
     model = Token
 
     def post(self, request):
@@ -18,7 +19,7 @@ class ObtainAuthToken(APIView):
         if serializer.is_valid():
             token, created = Token.objects.get_or_create(user=serializer.object['user'])
             return Response({'token': token.key})
-        return Response(serializer.errors, status=status.HTTP_401_UNAUTHORIZED)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
 
 obtain_auth_token = ObtainAuthToken.as_view()
diff --git a/rest_framework/tests/authentication.py b/rest_framework/tests/authentication.py
index 802bc6c1f..d498ae3e0 100644
--- a/rest_framework/tests/authentication.py
+++ b/rest_framework/tests/authentication.py
@@ -1,4 +1,4 @@
-from django.conf.urls.defaults import patterns, include
+from django.conf.urls.defaults import patterns
 from django.contrib.auth.models import User
 from django.test import Client, TestCase
 
@@ -27,7 +27,7 @@ MockView.authentication_classes += (TokenAuthentication,)
 
 urlpatterns = patterns('',
     (r'^$', MockView.as_view()),
-    (r'^auth-token/', 'rest_framework.authtoken.views.obtain_auth_token'),
+    (r'^auth-token/$', 'rest_framework.authtoken.views.obtain_auth_token'),
 )
 
 
@@ -157,7 +157,7 @@ class TokenAuthTests(TestCase):
     def test_token_login_json(self):
         """Ensure token login view using JSON POST works."""
         client = Client(enforce_csrf_checks=True)
-        response = client.post('/auth-token/login/', 
+        response = client.post('/auth-token/',
                                json.dumps({'username': self.username, 'password': self.password}), 'application/json')
         self.assertEqual(response.status_code, 200)
         self.assertEqual(json.loads(response.content)['token'], self.key)
@@ -165,21 +165,21 @@ class TokenAuthTests(TestCase):
     def test_token_login_json_bad_creds(self):
         """Ensure token login view using JSON POST fails if bad credentials are used."""
         client = Client(enforce_csrf_checks=True)
-        response = client.post('/auth-token/login/', 
+        response = client.post('/auth-token/',
                                json.dumps({'username': self.username, 'password': "badpass"}), 'application/json')
-        self.assertEqual(response.status_code, 401)
+        self.assertEqual(response.status_code, 400)
 
     def test_token_login_json_missing_fields(self):
         """Ensure token login view using JSON POST fails if missing fields."""
         client = Client(enforce_csrf_checks=True)
-        response = client.post('/auth-token/login/', 
+        response = client.post('/auth-token/',
                                json.dumps({'username': self.username}), 'application/json')
-        self.assertEqual(response.status_code, 401)
+        self.assertEqual(response.status_code, 400)
 
     def test_token_login_form(self):
         """Ensure token login view using form POST works."""
         client = Client(enforce_csrf_checks=True)
-        response = client.post('/auth-token/login/', 
+        response = client.post('/auth-token/',
                                {'username': self.username, 'password': self.password})
         self.assertEqual(response.status_code, 200)
         self.assertEqual(json.loads(response.content)['token'], self.key)