Ofir Ovadia
58e7bbc8ec
Prefetching the user object when getting the token in TokenAuthentication.
...
Since the user object is fetched 4 lines after getting Token from the database, this removes a DB query for each token-authenticated request.
2015-02-04 16:08:41 +02:00
Tymur Maryokhin
d9930181ee
Removed unused imports, pep8 fixes, typo fixes
2014-12-05 00:29:28 +01:00
Danilo Bargen
b187f53453
Changed return status for CSRF failures to HTTP 403
...
By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.
[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
2014-09-23 14:16:08 +02:00
dpanesso
1ab782a430
Using user.get_username() instead of user.username.
...
This solves an error when using an auth model that does not have a username field.
2014-09-03 23:38:03 -05:00
Tom Christie
bf09c32de8
Code linting and added runtests.py
2014-08-19 13:28:07 +01:00
Tom Christie
e385a7b8eb
Merge master
2014-08-19 10:11:10 +01:00
Ron Cohen
05882cc599
Sending "Bearer" and "Bearer " resulted in a 500.
2014-07-25 10:55:53 +00:00
Xavier Ordoquy
d08536ad9d
Merge remote-tracking branch 'origin/master' into 2.4.0
...
Conflicts:
.travis.yml
docs/api-guide/fields.md
docs/api-guide/routers.md
docs/topics/release-notes.md
rest_framework/authentication.py
rest_framework/serializers.py
rest_framework/templatetags/rest_framework.py
rest_framework/tests/test_authentication.py
rest_framework/tests/test_filters.py
rest_framework/tests/test_hyperlinkedserializers.py
rest_framework/tests/test_serializer.py
rest_framework/tests/test_testing.py
rest_framework/utils/encoders.py
tox.ini
2014-04-13 00:05:57 +02:00
Benjamin Dauvergne
1909472aa2
authentication: allow all transport modes of access token in OAuth2Authentication
...
RFC6750 describes three transport modes for access tokens when accessing a
protected resource:
- Authorization header with the Bearer authentication type
- form-encoded body parameter
- URI query parameter
This patch adds support for the last two transport modes.
2014-03-19 12:43:45 +01:00
Eric Buehl
e0682e9298
don't implicitly import provider.oauth2
2014-03-05 17:15:52 +00:00
Tom Christie
52686420f4
Merge branch 'bennbollay-patch-1' into 2.4.0
...
Conflicts:
.travis.yml
docs/api-guide/routers.md
rest_framework/compat.py
tox.ini
2013-12-23 09:48:59 +00:00
Tom Christie
a87c55a93a
Compat fixes for django-oauth-plus versions 2.0-2.2.1
2013-12-13 21:57:07 +00:00
Philip Forget
5239362951
pass oauth_timestamp to oauth_provider
2013-11-14 18:02:07 -05:00
Tom Christie
e441f85109
Drop 1.3 support
2013-09-25 10:30:04 +01:00
Tom Christie
ab799ccc3e
Simplify APIClient implementation
2013-06-29 21:34:47 +01:00
Tom Christie
35022ca921
Refactor SessionAuthentication slightly
2013-06-29 08:14:05 +01:00
Tom Christie
69e5e3cc0d
Use timezone aware datetimes with oauth2 provider, when supported. Closes #947.
2013-06-26 21:18:13 +01:00
Alex Burgel
ecb8a460c9
Fix serialization exception when using non-existent consumer
2013-06-05 17:02:44 -04:00
Tom Christie
95abe6e844
Cleanup docstrings
2013-04-25 12:47:34 +01:00
Atle Frenvik Sveen
80d28de034
Fix the fact that InvalidConsumerError and InvalidTokenError weren't imported correctly from oauth_provider
2013-04-03 13:10:41 +02:00
Tom Christie
74fbd5ccc5
Fix bug with inactive user accessing OAuth
2013-04-03 09:20:36 +01:00
Fernando Rocha
b2cea84fae
Complete removal of client checks from oauth2
...
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 19:00:36 -03:00
Fernando Rocha
f1b8fee4f1
client credentials should be optional (fix #759)
...
client credentials should only be required on token request
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 14:05:46 -03:00
Tom Christie
4055129662
If oauth is not attempted don't throw an error. Fixes #748.
2013-03-22 21:31:50 +00:00
Tom Christie
2596c12a21
Fixes for auth header checking.
2013-03-08 22:56:24 +00:00
Tom Christie
650d8e6a8e
More bits of cleanup
2013-03-08 20:23:25 +00:00
Tom Christie
a4b33992a5
Merge OAuth2 work.
2013-03-07 17:43:13 +00:00
Tom Christie
1d62594fa9
Clean ups.
2013-03-07 15:44:36 +00:00
Tom Christie
44930f3091
Fix Py3k syntax errors
2013-03-07 09:15:05 +00:00
Tom Christie
d4e3610e71
Merge & clean OAuth support
2013-03-07 09:01:53 +00:00
Pierre Dulac
c449dd4f4d
Properly fail to wrong Authorization token type
2013-03-02 20:17:14 +01:00
Pierre Dulac
d4c2267187
Clean up some print and comments
2013-03-01 12:08:28 +01:00
Pierre Dulac
9d5c306038
Improve the django-oauth2-provider import block
...
to avoid naming collision with `oauth2` used for OAuth 1
2013-03-01 11:53:30 +01:00
Pierre Dulac
da9d7fb8ec
Add the OAuth2Authentication class
2013-03-01 02:08:58 +01:00
swistakm
59a6f5f463
Move oauth2 and django-oauth-plus imports to compat and fix some minor issues
...
- alias oauth2 as oauth
- remove rogue print
- remove docstring markups
- OAuthAuthentication.authenticate() now returns (user, token) two-tuple on success
- don't set request.user because it's already set
2013-02-26 11:22:21 +01:00
swistakm
1aed9c1604
add OAuthAuthentication class
2013-02-25 16:58:16 +01:00
Tom Christie
b052c92ac3
Cleanup imports
...
Mostly adding `from __future__ import unicode_literals` everywhere.
2013-02-04 20:55:35 +00:00
Tom Christie
f4f237e3ee
3.2, 3.3 compat
2013-02-01 14:03:28 +00:00
Tom Christie
d9c7b1c585
Merge branch 'p3k' of https://github.com/linovia/django-rest-framework into working
...
Conflicts:
rest_framework/authentication.py
rest_framework/relations.py
rest_framework/serializers.py
rest_framework/settings.py
rest_framework/tests/authentication.py
rest_framework/tests/genericrelations.py
rest_framework/tests/generics.py
rest_framework/tests/relations_hyperlink.py
rest_framework/tests/relations_nested.py
rest_framework/tests/relations_pk.py
rest_framework/tests/serializer.py
2013-02-01 11:58:55 +00:00
Tom Christie
65b62d64ec
WWW-Authenticate responses
2013-01-21 21:29:49 +00:00
Xavier Ordoquy
510d6a3c55
Introduced HTTP_HEADER_ENCODING.
2013-01-07 23:26:14 +01:00
Xavier Ordoquy
06ae47752f
Also use the compat module in that file.
2013-01-03 12:49:57 +01:00
Xavier Ordoquy
b68263fb65
Default encoding should probably be latin-1 as some RFC seems to imply it.
2012-11-23 01:11:09 +01:00
Xavier Ordoquy
606c20f012
6 first tests pass under python 3.2
2012-11-22 02:08:00 +01:00
Xavier Ordoquy
b3698acb6c
First passing test under p3k \o/
2012-11-22 00:20:49 +01:00
Tom Christie
873a142af2
Implementing 401 vs 403 responses
2012-11-13 11:27:09 +00:00
Tom Christie
5ae49a4ec4
Add docs for 401 vs 403 responses
2012-10-17 14:59:53 +01:00
Tom Christie
3c8f01b985
Explicit CSRF failure message. Fixes #60.
2012-10-15 14:03:36 +01:00
Tom Christie
9c1fba3483
Tweak parsers to take parser_context
2012-10-15 13:27:50 +01:00
Tom Christie
221ecd2182
Fix session auth
2012-10-10 16:36:25 +01:00