Commit Graph

68 Commits

Author SHA1 Message Date
Tom Christie
d587ad1021 Use REST framework request parsing when accessing old-style .POST 2015-11-04 14:10:51 +00:00
Tymur Maryokhin
4e5da16961 Remove Django 1.4 compat code 2015-08-07 00:02:29 +02:00
José Padilla
7351a3f6ca Sort imports with isort 2015-06-25 16:55:51 -04:00
José Padilla
83c9136c90 Cleanup import following PEP 8 style guide 2015-06-25 16:10:17 -04:00
Osvaldo Santana Neto
7ae71deb84 Handle invalid characters in headers 2015-06-03 14:55:34 -03:00
Petros Moisiadis
192719eed0 Improve coding style
On Tom's suggestion, improve coding style by using a single-line call to getattr() with a default value instead of a multi-line if/else clause.
2015-05-19 20:00:19 +03:00
Petros Moisiadis
a96ebd74b1 Fix flake8 error
Fix flake8 error
2015-05-19 19:48:53 +03:00
Petros Moisiadis
c63ea01f4f Support User model in Django 1.4 that has not a USERNAME_FIELD attribute
Support User model in Django 1.4 that has not a USERNAME_FIELD attribute.
2015-05-19 19:05:50 +03:00
Petros Moisiadis
43b4ae752d Import get_user_model from compat module
Import get_user_model from compat module to be compatible with older django versions (e.g. 1.4).
2015-05-19 18:00:17 +03:00
Petros Moisiadis
bb002262ac Support basic authentication with custom user models that change username field
Support basic authentication with custom user models with a username field that is not named 'username'.
2015-05-19 17:42:44 +03:00
Tom Christie
fbb21caaaa Merge master 2015-02-09 20:43:50 +00:00
Ofir Ovadia
58e7bbc8ec Prefetching the user object when getting the token in TokenAuthentication.
Since the user object is fetched 4 lines after getting Token from the database, this removes a DB query for each token-authenticated request.
2015-02-04 16:08:41 +02:00
Tom Christie
8b4ce5c636 Minor authentication message improvement. 2015-02-04 09:07:10 +00:00
Craig Blaszczyk
91e316f781 prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings 2015-01-07 12:46:23 +00:00
Craig Blaszczyk
4c32083b8b use double quotes for user visible strings; end user visible strings in full stops; add some missing translation tags 2015-01-07 12:01:11 +00:00
Tymur Maryokhin
d9930181ee Removed unused imports, pep8 fixes, typo fixes 2014-12-05 00:29:28 +01:00
José Padilla
0cc990792c Merge branch 'version-3.1' into oauth_as_package
Conflicts:
	requirements-test.txt
	rest_framework/compat.py
	tests/settings.py
	tox.ini
2014-11-28 12:14:40 -04:00
Danilo Bargen
b187f53453 Changed return status for CSRF failures to HTTP 403
By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.

[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
2014-09-23 14:16:08 +02:00
Jharrod LaFon
baa518cd89 Moved OAuth support out of DRF and into a separate package, per #1767 2014-09-05 15:30:01 -07:00
dpanesso
1ab782a430 Using user.get_username() instead of user.username.
This solves an error when using a auth model that does not have a username field.
2014-09-03 23:38:03 -05:00
Tom Christie
bf09c32de8 Code linting and added runtests.py 2014-08-19 13:28:07 +01:00
Tom Christie
e385a7b8eb Merge master 2014-08-19 10:11:10 +01:00
Ron Cohen
05882cc599 Sending "Bearer" and "Bearer " resulted in a 500. 2014-07-25 10:55:53 +00:00
Xavier Ordoquy
d08536ad9d Merge remote-tracking branch 'origin/master' into 2.4.0
Conflicts:
	.travis.yml
	docs/api-guide/fields.md
	docs/api-guide/routers.md
	docs/topics/release-notes.md
	rest_framework/authentication.py
	rest_framework/serializers.py
	rest_framework/templatetags/rest_framework.py
	rest_framework/tests/test_authentication.py
	rest_framework/tests/test_filters.py
	rest_framework/tests/test_hyperlinkedserializers.py
	rest_framework/tests/test_serializer.py
	rest_framework/tests/test_testing.py
	rest_framework/utils/encoders.py
	tox.ini
2014-04-13 00:05:57 +02:00
Benjamin Dauvergne
1909472aa2 authentication: allow all transport modes of access token in OAuth2Authentication
RFC6750 describe three transport modes for access tokens when accessing a
protected resource:
- Auhthorization header with the Bearer authentication type
- form-encoded body parameter
- URI query parameter

This patch add support for last two transport modes.
2014-03-19 12:43:45 +01:00
Eric Buehl
e0682e9298 don't implicitly import provider.oauth2 2014-03-05 17:15:52 +00:00
Tom Christie
52686420f4 Merge branch 'bennbollay-patch-1' into 2.4.0
Conflicts:
	.travis.yml
	docs/api-guide/routers.md
	rest_framework/compat.py
	tox.ini
2013-12-23 09:48:59 +00:00
Tom Christie
a87c55a93a Compat fixes for django-oauth-plus versions 2.0-2.2.1 2013-12-13 21:57:07 +00:00
Philip Forget
5239362951 pass oauth_timestamp to oauth_provider 2013-11-14 18:02:07 -05:00
Tom Christie
e441f85109 Drop 1.3 support 2013-09-25 10:30:04 +01:00
Tom Christie
ab799ccc3e Simplify APIClient implementation 2013-06-29 21:34:47 +01:00
Tom Christie
35022ca921 Refactor SessionAuthentication slightly 2013-06-29 08:14:05 +01:00
Tom Christie
69e5e3cc0d Use timezone aware datetimes with oauth2 provider, when supported. Closes #947. 2013-06-26 21:18:13 +01:00
Alex Burgel
ecb8a460c9 Fix serialization exception when using non-existent consumer 2013-06-05 17:02:44 -04:00
Tom Christie
95abe6e844 Cleanup docstrings 2013-04-25 12:47:34 +01:00
Atle Frenvik Sveen
80d28de034 Fix the fact that InvalidConsumerError and InvalidTokenError wasn't imported correctly from oauth_provider 2013-04-03 13:10:41 +02:00
Tom Christie
74fbd5ccc5 Fix bug with inactive user accessing OAuth 2013-04-03 09:20:36 +01:00
Fernando Rocha
b2cea84fae Complete remove of client checks from oauth2
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 19:00:36 -03:00
Fernando Rocha
f1b8fee4f1 client credentials should be optional (fix #759)
client credentials should only be required on token
request

Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 14:05:46 -03:00
Tom Christie
4055129662 If oauth is not attempted don't throw an error. Fixes #748. 2013-03-22 21:31:50 +00:00
Tom Christie
2596c12a21 Fixes for auth header checking. 2013-03-08 22:56:24 +00:00
Tom Christie
650d8e6a8e More bits of cleanup 2013-03-08 20:23:25 +00:00
Tom Christie
a4b33992a5 Merge OAuth2 work. 2013-03-07 17:43:13 +00:00
Tom Christie
1d62594fa9 Clean ups. 2013-03-07 15:44:36 +00:00
Tom Christie
44930f3091 Fix Py3k syntax errors 2013-03-07 09:15:05 +00:00
Tom Christie
d4e3610e71 Merge & clean OAuth support 2013-03-07 09:01:53 +00:00
Pierre Dulac
c449dd4f4d Properly fail to wrong Authorization token type 2013-03-02 20:17:14 +01:00
Pierre Dulac
d4c2267187 Clean up some print and comments 2013-03-01 12:08:28 +01:00
Pierre Dulac
9d5c306038 Improve the django-oauth2-provider import block
to avoid naming collision with `oauth2` used for OAuth 1
2013-03-01 11:53:30 +01:00
Pierre Dulac
da9d7fb8ec Add the OAuth2Authentication class 2013-03-01 02:08:58 +01:00