Commit Graph

52 Commits

Author SHA1 Message Date
Ofir Ovadia
58e7bbc8ec Prefetching the user object when getting the token in TokenAuthentication.
Since the user object is fetched 4 lines after getting Token from the database, this removes a DB query for each token-authenticated request.
2015-02-04 16:08:41 +02:00
Tymur Maryokhin
d9930181ee Removed unused imports, pep8 fixes, typo fixes 2014-12-05 00:29:28 +01:00
Danilo Bargen
b187f53453 Changed return status for CSRF failures to HTTP 403
By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.

[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
2014-09-23 14:16:08 +02:00
dpanesso
1ab782a430 Using user.get_username() instead of user.username.
This solves an error when using an auth model that does not have a username field.
2014-09-03 23:38:03 -05:00
Tom Christie
bf09c32de8 Code linting and added runtests.py 2014-08-19 13:28:07 +01:00
Tom Christie
e385a7b8eb Merge master 2014-08-19 10:11:10 +01:00
Ron Cohen
05882cc599 Sending "Bearer" and "Bearer " resulted in a 500. 2014-07-25 10:55:53 +00:00
Xavier Ordoquy
d08536ad9d Merge remote-tracking branch 'origin/master' into 2.4.0
Conflicts:
	.travis.yml
	docs/api-guide/fields.md
	docs/api-guide/routers.md
	docs/topics/release-notes.md
	rest_framework/authentication.py
	rest_framework/serializers.py
	rest_framework/templatetags/rest_framework.py
	rest_framework/tests/test_authentication.py
	rest_framework/tests/test_filters.py
	rest_framework/tests/test_hyperlinkedserializers.py
	rest_framework/tests/test_serializer.py
	rest_framework/tests/test_testing.py
	rest_framework/utils/encoders.py
	tox.ini
2014-04-13 00:05:57 +02:00
Benjamin Dauvergne
1909472aa2 authentication: allow all transport modes of access token in OAuth2Authentication
RFC6750 describes three transport modes for access tokens when accessing a
protected resource:
- Authorization header with the Bearer authentication type
- form-encoded body parameter
- URI query parameter

This patch adds support for the last two transport modes.
2014-03-19 12:43:45 +01:00
Eric Buehl
e0682e9298 don't implicitly import provider.oauth2 2014-03-05 17:15:52 +00:00
Tom Christie
52686420f4 Merge branch 'bennbollay-patch-1' into 2.4.0
Conflicts:
	.travis.yml
	docs/api-guide/routers.md
	rest_framework/compat.py
	tox.ini
2013-12-23 09:48:59 +00:00
Tom Christie
a87c55a93a Compat fixes for django-oauth-plus versions 2.0-2.2.1 2013-12-13 21:57:07 +00:00
Philip Forget
5239362951 pass oauth_timestamp to oauth_provider 2013-11-14 18:02:07 -05:00
Tom Christie
e441f85109 Drop 1.3 support 2013-09-25 10:30:04 +01:00
Tom Christie
ab799ccc3e Simplify APIClient implementation 2013-06-29 21:34:47 +01:00
Tom Christie
35022ca921 Refactor SessionAuthentication slightly 2013-06-29 08:14:05 +01:00
Tom Christie
69e5e3cc0d Use timezone aware datetimes with oauth2 provider, when supported. Closes #947. 2013-06-26 21:18:13 +01:00
Alex Burgel
ecb8a460c9 Fix serialization exception when using non-existent consumer 2013-06-05 17:02:44 -04:00
Tom Christie
95abe6e844 Cleanup docstrings 2013-04-25 12:47:34 +01:00
Atle Frenvik Sveen
80d28de034 Fix the fact that InvalidConsumerError and InvalidTokenError weren't imported correctly from oauth_provider 2013-04-03 13:10:41 +02:00
Tom Christie
74fbd5ccc5 Fix bug with inactive user accessing OAuth 2013-04-03 09:20:36 +01:00
Fernando Rocha
b2cea84fae Complete remove of client checks from oauth2
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 19:00:36 -03:00
Fernando Rocha
f1b8fee4f1 client credentials should be optional (fix #759)
client credentials should only be required on token
request

Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 14:05:46 -03:00
Tom Christie
4055129662 If oauth is not attempted don't throw an error. Fixes #748. 2013-03-22 21:31:50 +00:00
Tom Christie
2596c12a21 Fixes for auth header checking. 2013-03-08 22:56:24 +00:00
Tom Christie
650d8e6a8e More bits of cleanup 2013-03-08 20:23:25 +00:00
Tom Christie
a4b33992a5 Merge OAuth2 work. 2013-03-07 17:43:13 +00:00
Tom Christie
1d62594fa9 Clean ups. 2013-03-07 15:44:36 +00:00
Tom Christie
44930f3091 Fix Py3k syntax errors 2013-03-07 09:15:05 +00:00
Tom Christie
d4e3610e71 Merge & clean OAuth support 2013-03-07 09:01:53 +00:00
Pierre Dulac
c449dd4f4d Properly fail to wrong Authorization token type 2013-03-02 20:17:14 +01:00
Pierre Dulac
d4c2267187 Clean up some print and comments 2013-03-01 12:08:28 +01:00
Pierre Dulac
9d5c306038 Improve the django-oauth2-provider import block
to avoid naming collision with `oauth2` used for OAuth 1
2013-03-01 11:53:30 +01:00
Pierre Dulac
da9d7fb8ec Add the OAuth2Authentication class 2013-03-01 02:08:58 +01:00
swistakm
59a6f5f463 Move oauth2 and django-oauth-plus imports to compat and fix some minor issues
- alias oauth2 as oauth
- remove rogue print
- remove docstring markups
- OAuthAuthentication.authenticate() now returns (user, token) two-tuple on success
- don't set request.user because it's already set
2013-02-26 11:22:21 +01:00
swistakm
1aed9c1604 add OAuthAuthentication class 2013-02-25 16:58:16 +01:00
Tom Christie
b052c92ac3 Cleanup imports
Mostly adding `from __future__ import unicode_literals` everywhere.
2013-02-04 20:55:35 +00:00
Tom Christie
f4f237e3ee 3.2, 3.3 compat 2013-02-01 14:03:28 +00:00
Tom Christie
d9c7b1c585 Merge branch 'p3k' of https://github.com/linovia/django-rest-framework into working
Conflicts:
	rest_framework/authentication.py
	rest_framework/relations.py
	rest_framework/serializers.py
	rest_framework/settings.py
	rest_framework/tests/authentication.py
	rest_framework/tests/genericrelations.py
	rest_framework/tests/generics.py
	rest_framework/tests/relations_hyperlink.py
	rest_framework/tests/relations_nested.py
	rest_framework/tests/relations_pk.py
	rest_framework/tests/serializer.py
2013-02-01 11:58:55 +00:00
Tom Christie
65b62d64ec WWW-Authenticate responses 2013-01-21 21:29:49 +00:00
Xavier Ordoquy
510d6a3c55 Introduced HTTP_HEADER_ENCODING. 2013-01-07 23:26:14 +01:00
Xavier Ordoquy
06ae47752f Also use the compat module in that file. 2013-01-03 12:49:57 +01:00
Xavier Ordoquy
b68263fb65 Default encoding should probably be latin-1 as some RFC seems to imply it. 2012-11-23 01:11:09 +01:00
Xavier Ordoquy
606c20f012 6 first tests pass under python 3.2 2012-11-22 02:08:00 +01:00
Xavier Ordoquy
b3698acb6c First passing test under p3k \o/ 2012-11-22 00:20:49 +01:00
Tom Christie
873a142af2 Implementing 401 vs 403 responses 2012-11-13 11:27:09 +00:00
Tom Christie
5ae49a4ec4 Add docs for 401 vs 403 responses 2012-10-17 14:59:53 +01:00
Tom Christie
3c8f01b985 Explicit CSRF failure message. Fixes #60. 2012-10-15 14:03:36 +01:00
Tom Christie
9c1fba3483 Tweak parsers to take parser_context 2012-10-15 13:27:50 +01:00
Tom Christie
221ecd2182 Fix session auth 2012-10-10 16:36:25 +01:00