From c9c383dfad549d01ebee3a38a9d628669e4b4239 Mon Sep 17 00:00:00 2001 From: Thomas Achtemichuk Date: Wed, 17 May 2017 14:52:39 -0400 Subject: [PATCH] Don't trim whitespace from authtoken passwords * Fixes #5148 --- rest_framework/authtoken/serializers.py | 3 ++- tests/test_authtoken.py | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py index b91a8454f..9e1da221b 100644 --- a/rest_framework/authtoken/serializers.py +++ b/rest_framework/authtoken/serializers.py @@ -6,7 +6,8 @@ from rest_framework import serializers class AuthTokenSerializer(serializers.Serializer): username = serializers.CharField(label=_("Username")) - password = serializers.CharField(label=_("Password"), style={'input_type': 'password'}) + password = serializers.CharField(label=_("Password"), + style={'input_type': 'password'}, trim_whitespace=False) def validate(self, attrs): username = attrs.get('username') diff --git a/tests/test_authtoken.py b/tests/test_authtoken.py index 04eeb2f63..54ac1848d 100644 --- a/tests/test_authtoken.py +++ b/tests/test_authtoken.py @@ -27,3 +27,9 @@ class AuthTokenTests(TestCase): def test_validate_raise_error_if_no_credentials_provided(self): with pytest.raises(ValidationError): AuthTokenSerializer().validate({}) + + def test_whitespace_in_password(self): + data = {'username': self.user.username, 'password': 'test pass '} + self.user.set_password(data['password']) + self.user.save() + assert AuthTokenSerializer(data=data).is_valid()