encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-01-24 00:04:16 +03:00
Code Issues Packages Projects Releases Wiki Activity

Reverted #458

Browse Source 
When incorrect parameters are supplied to the obtain auth token view
400 *is* the correct response.
This commit is contained in:
Tom Christie 2012-12-07 22:25:16 +00:00
parent 303bc7cf95
commit c911d54ae3
3 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rest_framework/authtoken/serializers.py
View File

@ -1,6 +1,7 @@
from django.contrib.auth import authenticate from django.contrib.auth import authenticate
from rest_framework import serializers from rest_framework import serializers
class AuthTokenSerializer(serializers.Serializer): class AuthTokenSerializer(serializers.Serializer):
username = serializers.CharField() username = serializers.CharField()
password = serializers.CharField() password = serializers.CharField()
@ -21,4 +22,3 @@ class AuthTokenSerializer(serializers.Serializer):
raise serializers.ValidationError('Unable to login with provided credentials.') raise serializers.ValidationError('Unable to login with provided credentials.')
else: else:
raise serializers.ValidationError('Must include "username" and "password"') raise serializers.ValidationError('Must include "username" and "password"')

3
rest_framework/authtoken/views.py
View File

@ -6,6 +6,7 @@ from rest_framework.response import Response
from rest_framework.authtoken.models import Token from rest_framework.authtoken.models import Token
from rest_framework.authtoken.serializers import AuthTokenSerializer from rest_framework.authtoken.serializers import AuthTokenSerializer
class ObtainAuthToken(APIView): class ObtainAuthToken(APIView):
throttle_classes = () throttle_classes = ()
permission_classes = () permission_classes = ()
@ -18,7 +19,7 @@ class ObtainAuthToken(APIView):
if serializer.is_valid(): if serializer.is_valid():
token, created = Token.objects.get_or_create(user=serializer.object['user']) token, created = Token.objects.get_or_create(user=serializer.object['user'])
return Response({'token': token.key}) return Response({'token': token.key})
return Response(serializer.errors, status=status.HTTP_401_UNAUTHORIZED) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
obtain_auth_token = ObtainAuthToken.as_view() obtain_auth_token = ObtainAuthToken.as_view()

16
rest_framework/tests/authentication.py
View File

@ -1,4 +1,4 @@
from django.conf.urls.defaults import patterns, include from django.conf.urls.defaults import patterns
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.test import Client, TestCase from django.test import Client, TestCase
@ -27,7 +27,7 @@ MockView.authentication_classes += (TokenAuthentication,)
urlpatterns = patterns('', urlpatterns = patterns('',
(r'^$', MockView.as_view()), (r'^$', MockView.as_view()),
(r'^auth-token/', 'rest_framework.authtoken.views.obtain_auth_token'), (r'^auth-token/$', 'rest_framework.authtoken.views.obtain_auth_token'),
) )
@ -157,7 +157,7 @@ class TokenAuthTests(TestCase):
def test_token_login_json(self): def test_token_login_json(self):
"""Ensure token login view using JSON POST works.""" """Ensure token login view using JSON POST works."""
client = Client(enforce_csrf_checks=True) client = Client(enforce_csrf_checks=True)
response = client.post('/auth-token/login/', response = client.post('/auth-token/',
json.dumps({'username': self.username, 'password': self.password}), 'application/json') json.dumps({'username': self.username, 'password': self.password}), 'application/json')
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(json.loads(response.content)['token'], self.key) self.assertEqual(json.loads(response.content)['token'], self.key)
@ -165,21 +165,21 @@ class TokenAuthTests(TestCase):
def test_token_login_json_bad_creds(self): def test_token_login_json_bad_creds(self):
"""Ensure token login view using JSON POST fails if bad credentials are used.""" """Ensure token login view using JSON POST fails if bad credentials are used."""
client = Client(enforce_csrf_checks=True) client = Client(enforce_csrf_checks=True)
response = client.post('/auth-token/login/', response = client.post('/auth-token/',
json.dumps({'username': self.username, 'password': "badpass"}), 'application/json') json.dumps({'username': self.username, 'password': "badpass"}), 'application/json')
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 400)
def test_token_login_json_missing_fields(self): def test_token_login_json_missing_fields(self):
"""Ensure token login view using JSON POST fails if missing fields.""" """Ensure token login view using JSON POST fails if missing fields."""
client = Client(enforce_csrf_checks=True) client = Client(enforce_csrf_checks=True)
response = client.post('/auth-token/login/', response = client.post('/auth-token/',
json.dumps({'username': self.username}), 'application/json') json.dumps({'username': self.username}), 'application/json')
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 400)
def test_token_login_form(self): def test_token_login_form(self):
"""Ensure token login view using form POST works.""" """Ensure token login view using form POST works."""
client = Client(enforce_csrf_checks=True) client = Client(enforce_csrf_checks=True)
response = client.post('/auth-token/login/', response = client.post('/auth-token/',
{'username': self.username, 'password': self.password}) {'username': self.username, 'password': self.password})
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(json.loads(response.content)['token'], self.key) self.assertEqual(json.loads(response.content)['token'], self.key)