encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-10-31 07:57:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

Example custom authentication. Fixes #301.

Browse Source
This commit is contained in:
Tom Christie 2013-01-28 07:36:57 +00:00
parent cb219fa04f
commit e649f2ec61
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/api-guide/authentication.md
View File

@ -194,6 +194,24 @@ You *may* also override the `.authentication_header(self, request)` method. If
If the `.authentication_header()` method is not overridden, the authentication scheme will return `HTTP 403 Forbidden` responses when an unauthenticated request is denied access. If the `.authentication_header()` method is not overridden, the authentication scheme will return `HTTP 403 Forbidden` responses when an unauthenticated request is denied access.
## Example
The following example will authenticate any incoming request as the user given by the username in a custom request header named 'X_USERNAME'.
class ExampleAuthentication(authentication.BaseAuthentication):
def has_permission(self, request, view, obj=None):
username = request.META.get('X_USERNAME')
if not username:
return None
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
raise authenticate.AuthenticationFailed('No such user')
return (user, None)
[cite]: http://jacobian.org/writing/rest-worst-practices/ [cite]: http://jacobian.org/writing/rest-worst-practices/
[http401]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2 [http401]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2
[http403]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4 [http403]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4