S. Andrew Sheppard
1712c00001
update invalid token case
2016-01-05 09:42:22 -06:00
S. Andrew Sheppard
ff29fdd875
don't import authtoken model until needed
2015-12-30 15:44:19 -06:00
Tom Christie
d587ad1021
Use REST framework request parsing when accessing old-style .POST
2015-11-04 14:10:51 +00:00
Tymur Maryokhin
4e5da16961
Remove Django 1.4 compat code
2015-08-07 00:02:29 +02:00
José Padilla
7351a3f6ca
Sort imports with isort
2015-06-25 16:55:51 -04:00
José Padilla
83c9136c90
Cleanup import following PEP 8 style guide
2015-06-25 16:10:17 -04:00
Osvaldo Santana Neto
7ae71deb84
Handle invalid characters in headers
2015-06-03 14:55:34 -03:00
Petros Moisiadis
192719eed0
Improve coding style
...
On Tom's suggestion, improve coding style by using a single-line call to getattr() with a default value instead of a multi-line if/else clause.
2015-05-19 20:00:19 +03:00
Petros Moisiadis
a96ebd74b1
Fix flake8 error
...
Fix flake8 error
2015-05-19 19:48:53 +03:00
Petros Moisiadis
c63ea01f4f
Support User model in Django 1.4 that has not a USERNAME_FIELD attribute
...
Support User model in Django 1.4 that has not a USERNAME_FIELD attribute.
2015-05-19 19:05:50 +03:00
Petros Moisiadis
43b4ae752d
Import get_user_model from compat module
...
Import get_user_model from compat module to be compatible with older django versions (e.g. 1.4).
2015-05-19 18:00:17 +03:00
Petros Moisiadis
bb002262ac
Support basic authentication with custom user models that change username field
...
Support basic authentication with custom user models with a username field that is not named 'username'.
2015-05-19 17:42:44 +03:00
Tom Christie
fbb21caaaa
Merge master
2015-02-09 20:43:50 +00:00
Ofir Ovadia
58e7bbc8ec
Prefetching the user object when getting the token in TokenAuthentication.
...
Since the user object is fetched 4 lines after getting Token from the database, this removes a DB query for each token-authenticated request.
2015-02-04 16:08:41 +02:00
Tom Christie
8b4ce5c636
Minor authentication message improvement.
2015-02-04 09:07:10 +00:00
Craig Blaszczyk
91e316f781
prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings
2015-01-07 12:46:23 +00:00
Craig Blaszczyk
4c32083b8b
use double quotes for user visible strings; end user visible strings in full stops; add some missing translation tags
2015-01-07 12:01:11 +00:00
Tymur Maryokhin
d9930181ee
Removed unused imports, pep8 fixes, typo fixes
2014-12-05 00:29:28 +01:00
José Padilla
0cc990792c
Merge branch 'version-3.1' into oauth_as_package
...
Conflicts:
requirements-test.txt
rest_framework/compat.py
tests/settings.py
tox.ini
2014-11-28 12:14:40 -04:00
Danilo Bargen
b187f53453
Changed return status for CSRF failures to HTTP 403
...
By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.
[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
2014-09-23 14:16:08 +02:00
Jharrod LaFon
baa518cd89
Moved OAuth support out of DRF and into a separate package, per #1767
2014-09-05 15:30:01 -07:00
dpanesso
1ab782a430
Using user.get_username() instead of user.username.
...
This solves an error when using an auth model that does not have a username field.
2014-09-03 23:38:03 -05:00
Tom Christie
bf09c32de8
Code linting and added runtests.py
2014-08-19 13:28:07 +01:00
Tom Christie
e385a7b8eb
Merge master
2014-08-19 10:11:10 +01:00
Ron Cohen
05882cc599
Sending "Bearer" and "Bearer " resulted in a 500.
2014-07-25 10:55:53 +00:00
Xavier Ordoquy
d08536ad9d
Merge remote-tracking branch 'origin/master' into 2.4.0
...
Conflicts:
.travis.yml
docs/api-guide/fields.md
docs/api-guide/routers.md
docs/topics/release-notes.md
rest_framework/authentication.py
rest_framework/serializers.py
rest_framework/templatetags/rest_framework.py
rest_framework/tests/test_authentication.py
rest_framework/tests/test_filters.py
rest_framework/tests/test_hyperlinkedserializers.py
rest_framework/tests/test_serializer.py
rest_framework/tests/test_testing.py
rest_framework/utils/encoders.py
tox.ini
2014-04-13 00:05:57 +02:00
Benjamin Dauvergne
1909472aa2
authentication: allow all transport modes of access token in OAuth2Authentication
...
RFC6750 describes three transport modes for access tokens when accessing a
protected resource:
- Authorization header with the Bearer authentication type
- form-encoded body parameter
- URI query parameter
This patch adds support for the last two transport modes.
2014-03-19 12:43:45 +01:00
Eric Buehl
e0682e9298
don't implicitly import provider.oauth2
2014-03-05 17:15:52 +00:00
Tom Christie
52686420f4
Merge branch 'bennbollay-patch-1' into 2.4.0
...
Conflicts:
.travis.yml
docs/api-guide/routers.md
rest_framework/compat.py
tox.ini
2013-12-23 09:48:59 +00:00
Tom Christie
a87c55a93a
Compat fixes for django-oauth-plus versions 2.0-2.2.1
2013-12-13 21:57:07 +00:00
Philip Forget
5239362951
pass oauth_timestamp to oauth_provider
2013-11-14 18:02:07 -05:00
Tom Christie
e441f85109
Drop 1.3 support
2013-09-25 10:30:04 +01:00
Tom Christie
ab799ccc3e
Simplify APIClient implementation
2013-06-29 21:34:47 +01:00
Tom Christie
35022ca921
Refactor SessionAuthentication slightly
2013-06-29 08:14:05 +01:00
Tom Christie
69e5e3cc0d
Use timezone aware datetimes with oauth2 provider, when supported. Closes #947.
2013-06-26 21:18:13 +01:00
Alex Burgel
ecb8a460c9
Fix serialization exception when using non-existent consumer
2013-06-05 17:02:44 -04:00
Tom Christie
95abe6e844
Cleanup docstrings
2013-04-25 12:47:34 +01:00
Atle Frenvik Sveen
80d28de034
Fix the fact that InvalidConsumerError and InvalidTokenError weren't imported correctly from oauth_provider
2013-04-03 13:10:41 +02:00
Tom Christie
74fbd5ccc5
Fix bug with inactive user accessing OAuth
2013-04-03 09:20:36 +01:00
Fernando Rocha
b2cea84fae
Complete removal of client checks from oauth2
...
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 19:00:36 -03:00
Fernando Rocha
f1b8fee4f1
client credentials should be optional (fix #759)
...
client credentials should only be required on token
request
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 14:05:46 -03:00
Tom Christie
4055129662
If oauth is not attempted don't throw an error. Fixes #748.
2013-03-22 21:31:50 +00:00
Tom Christie
2596c12a21
Fixes for auth header checking.
2013-03-08 22:56:24 +00:00
Tom Christie
650d8e6a8e
More bits of cleanup
2013-03-08 20:23:25 +00:00
Tom Christie
a4b33992a5
Merge OAuth2 work.
2013-03-07 17:43:13 +00:00
Tom Christie
1d62594fa9
Clean ups.
2013-03-07 15:44:36 +00:00
Tom Christie
44930f3091
Fix Py3k syntax errors
2013-03-07 09:15:05 +00:00
Tom Christie
d4e3610e71
Merge & clean OAuth support
2013-03-07 09:01:53 +00:00
Pierre Dulac
c449dd4f4d
Properly fail to wrong Authorization token type
2013-03-02 20:17:14 +01:00
Pierre Dulac
d4c2267187
Clean up some print and comments
2013-03-01 12:08:28 +01:00