Commit Graph

76 Commits

Author SHA1 Message Date
Miro Hrončok
ffdac0d936 TokenAuthentication: Allow custom keyword in the header (#4097)
This allows subclassing TokenAuthentication and setting custom keyword,
thus allowing the Authorization header to be for example:

    Bearer 956e252a-513c-48c5-92dd-bfddc364e812

It doesn't change the behavior of TokenAuthentication itself,
it simply allows reusing the logic of TokenAuthentication without
the need of copy-pasting the class and changing one hardcoded string.

Related: #4080
2016-05-04 10:53:34 +01:00
Germán Larraín
e19b21ecc5 Handle incorrectly padded HTTP basic auth header (#4090) 2016-05-03 09:24:55 +01:00
Xavier Ordoquy
2622588b30 Typo correction. 2016-04-07 18:00:17 +02:00
Xavier Ordoquy
763aab6b45 Fix the string_types / text_types confusion introduced in #4025 2016-04-05 16:29:16 +02:00
Nitesh Lohchab
09aa8f76c4 python2.x and 3.x compatible 2016-04-03 18:39:32 +05:30
Nitesh Lohchab
c22b92a66c type('') to str 2016-04-03 00:07:45 +05:30
S. Andrew Sheppard
1712c00001 update invalid token case 2016-01-05 09:42:22 -06:00
S. Andrew Sheppard
ff29fdd875 don't import authtoken model until needed 2015-12-30 15:44:19 -06:00
Tom Christie
d587ad1021 Use REST framework request parsing when accessing old-style .POST 2015-11-04 14:10:51 +00:00
Tymur Maryokhin
4e5da16961 Remove Django 1.4 compat code 2015-08-07 00:02:29 +02:00
José Padilla
7351a3f6ca Sort imports with isort 2015-06-25 16:55:51 -04:00
José Padilla
83c9136c90 Cleanup import following PEP 8 style guide 2015-06-25 16:10:17 -04:00
Osvaldo Santana Neto
7ae71deb84 Handle invalid characters in headers 2015-06-03 14:55:34 -03:00
Petros Moisiadis
192719eed0 Improve coding style
On Tom's suggestion, improve coding style by using a single-line call to getattr() with a default value instead of a multi-line if/else clause.
2015-05-19 20:00:19 +03:00
Petros Moisiadis
a96ebd74b1 Fix flake8 error
Fix flake8 error
2015-05-19 19:48:53 +03:00
Petros Moisiadis
c63ea01f4f Support User model in Django 1.4 that does not have a USERNAME_FIELD attribute
Support User model in Django 1.4 that does not have a USERNAME_FIELD attribute.
2015-05-19 19:05:50 +03:00
Petros Moisiadis
43b4ae752d Import get_user_model from compat module
Import get_user_model from compat module to be compatible with older django versions (e.g. 1.4).
2015-05-19 18:00:17 +03:00
Petros Moisiadis
bb002262ac Support basic authentication with custom user models that change username field
Support basic authentication with custom user models with a username field that is not named 'username'.
2015-05-19 17:42:44 +03:00
Tom Christie
fbb21caaaa Merge master 2015-02-09 20:43:50 +00:00
Ofir Ovadia
58e7bbc8ec Prefetching the user object when getting the token in TokenAuthentication.
Since the user object is fetched 4 lines after getting Token from the database, this removes a DB query for each token-authenticated request.
2015-02-04 16:08:41 +02:00
Tom Christie
8b4ce5c636 Minor authentication message improvement. 2015-02-04 09:07:10 +00:00
Craig Blaszczyk
91e316f781 prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings 2015-01-07 12:46:23 +00:00
Craig Blaszczyk
4c32083b8b use double quotes for user visible strings; end user visible strings in full stops; add some missing translation tags 2015-01-07 12:01:11 +00:00
Tymur Maryokhin
d9930181ee Removed unused imports, pep8 fixes, typo fixes 2014-12-05 00:29:28 +01:00
José Padilla
0cc990792c Merge branch 'version-3.1' into oauth_as_package
Conflicts:
	requirements-test.txt
	rest_framework/compat.py
	tests/settings.py
	tox.ini
2014-11-28 12:14:40 -04:00
Danilo Bargen
b187f53453 Changed return status for CSRF failures to HTTP 403
By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.

[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
2014-09-23 14:16:08 +02:00
Jharrod LaFon
baa518cd89 Moved OAuth support out of DRF and into a separate package, per #1767 2014-09-05 15:30:01 -07:00
dpanesso
1ab782a430 Using user.get_username() instead of user.username.
This solves an error when using an auth model that does not have a username field.
2014-09-03 23:38:03 -05:00
Tom Christie
bf09c32de8 Code linting and added runtests.py 2014-08-19 13:28:07 +01:00
Tom Christie
e385a7b8eb Merge master 2014-08-19 10:11:10 +01:00
Ron Cohen
05882cc599 Sending "Bearer" and "Bearer " resulted in a 500. 2014-07-25 10:55:53 +00:00
Xavier Ordoquy
d08536ad9d Merge remote-tracking branch 'origin/master' into 2.4.0
Conflicts:
	.travis.yml
	docs/api-guide/fields.md
	docs/api-guide/routers.md
	docs/topics/release-notes.md
	rest_framework/authentication.py
	rest_framework/serializers.py
	rest_framework/templatetags/rest_framework.py
	rest_framework/tests/test_authentication.py
	rest_framework/tests/test_filters.py
	rest_framework/tests/test_hyperlinkedserializers.py
	rest_framework/tests/test_serializer.py
	rest_framework/tests/test_testing.py
	rest_framework/utils/encoders.py
	tox.ini
2014-04-13 00:05:57 +02:00
Benjamin Dauvergne
1909472aa2 authentication: allow all transport modes of access token in OAuth2Authentication
RFC6750 describes three transport modes for access tokens when accessing a
protected resource:
- Authorization header with the Bearer authentication type
- form-encoded body parameter
- URI query parameter

This patch adds support for the last two transport modes.
2014-03-19 12:43:45 +01:00
Eric Buehl
e0682e9298 don't implicitly import provider.oauth2 2014-03-05 17:15:52 +00:00
Tom Christie
52686420f4 Merge branch 'bennbollay-patch-1' into 2.4.0
Conflicts:
	.travis.yml
	docs/api-guide/routers.md
	rest_framework/compat.py
	tox.ini
2013-12-23 09:48:59 +00:00
Tom Christie
a87c55a93a Compat fixes for django-oauth-plus versions 2.0-2.2.1 2013-12-13 21:57:07 +00:00
Philip Forget
5239362951 pass oauth_timestamp to oauth_provider 2013-11-14 18:02:07 -05:00
Tom Christie
e441f85109 Drop 1.3 support 2013-09-25 10:30:04 +01:00
Tom Christie
ab799ccc3e Simplify APIClient implementation 2013-06-29 21:34:47 +01:00
Tom Christie
35022ca921 Refactor SessionAuthentication slightly 2013-06-29 08:14:05 +01:00
Tom Christie
69e5e3cc0d Use timezone aware datetimes with oauth2 provider, when supported. Closes #947. 2013-06-26 21:18:13 +01:00
Alex Burgel
ecb8a460c9 Fix serialization exception when using non-existent consumer 2013-06-05 17:02:44 -04:00
Tom Christie
95abe6e844 Cleanup docstrings 2013-04-25 12:47:34 +01:00
Atle Frenvik Sveen
80d28de034 Fix the fact that InvalidConsumerError and InvalidTokenError weren't imported correctly from oauth_provider 2013-04-03 13:10:41 +02:00
Tom Christie
74fbd5ccc5 Fix bug with inactive user accessing OAuth 2013-04-03 09:20:36 +01:00
Fernando Rocha
b2cea84fae Complete removal of client checks from oauth2
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 19:00:36 -03:00
Fernando Rocha
f1b8fee4f1 client credentials should be optional (fix #759)
client credentials should only be required on token
request

Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 14:05:46 -03:00
Tom Christie
4055129662 If oauth is not attempted don't throw an error. Fixes #748. 2013-03-22 21:31:50 +00:00
Tom Christie
2596c12a21 Fixes for auth header checking. 2013-03-08 22:56:24 +00:00
Tom Christie
650d8e6a8e More bits of cleanup 2013-03-08 20:23:25 +00:00