encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-11-04 01:47:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
5,273 Commits 16 Branches 134 Tags 128 MiB
b3956bc591
Commit Graph

58 Commits

Author SHA1 Message Date
Tom Christie
fbb21caaaa Merge master 2015-02-09 20:43:50 +00:00
Ofir Ovadia
58e7bbc8ec Prefetching the user object when getting the token in TokenAuthentication. 
Since the user object is fetched 4 lines after getting Token from the database, this removes a DB query for each token-authenticated request.
 2015-02-04 16:08:41 +02:00
Tom Christie
8b4ce5c636 Minor authentication message improvement. 2015-02-04 09:07:10 +00:00
Craig Blaszczyk
91e316f781 prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings 2015-01-07 12:46:23 +00:00
Craig Blaszczyk
4c32083b8b use double quotes for user visible strings; end user visible strings in full stops; add some missing translation tags 2015-01-07 12:01:11 +00:00
Tymur Maryokhin
d9930181ee Removed unused imports, pep8 fixes, typo fixes 2014-12-05 00:29:28 +01:00
José Padilla
0cc990792c Merge branch 'version-3.1' into oauth_as_package 
Conflicts:
	requirements-test.txt
	rest_framework/compat.py
	tests/settings.py
	tox.ini
 2014-11-28 12:14:40 -04:00
Danilo Bargen
b187f53453 Changed return status for CSRF failures to HTTP 403 
By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.

[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
 2014-09-23 14:16:08 +02:00
Jharrod LaFon
baa518cd89 Moved OAuth support out of DRF and into a separate package, per #1767 2014-09-05 15:30:01 -07:00
dpanesso
1ab782a430 Using user.get_username() instead of user.username. 
This solves an error when using a auth model that does not have a username field.
 2014-09-03 23:38:03 -05:00
Tom Christie
bf09c32de8 Code linting and added runtests.py 2014-08-19 13:28:07 +01:00
Tom Christie
e385a7b8eb Merge master 2014-08-19 10:11:10 +01:00
Ron Cohen
05882cc599 Sending "Bearer" and "Bearer " resulted in a 500. 2014-07-25 10:55:53 +00:00
Xavier Ordoquy
d08536ad9d Merge remote-tracking branch 'origin/master' into 2.4.0 
Conflicts:
	.travis.yml
	docs/api-guide/fields.md
	docs/api-guide/routers.md
	docs/topics/release-notes.md
	rest_framework/authentication.py
	rest_framework/serializers.py
	rest_framework/templatetags/rest_framework.py
	rest_framework/tests/test_authentication.py
	rest_framework/tests/test_filters.py
	rest_framework/tests/test_hyperlinkedserializers.py
	rest_framework/tests/test_serializer.py
	rest_framework/tests/test_testing.py
	rest_framework/utils/encoders.py
	tox.ini
 2014-04-13 00:05:57 +02:00
Benjamin Dauvergne
1909472aa2 authentication: allow all transport modes of access token in OAuth2Authentication 
RFC6750 describe three transport modes for access tokens when accessing a
protected resource:
- Auhthorization header with the Bearer authentication type
- form-encoded body parameter
- URI query parameter

This patch add support for last two transport modes.
 2014-03-19 12:43:45 +01:00
Eric Buehl
e0682e9298 don't implicitly import provider.oauth2 2014-03-05 17:15:52 +00:00
Tom Christie
52686420f4 Merge branch 'bennbollay-patch-1' into 2.4.0 
Conflicts:
	.travis.yml
	docs/api-guide/routers.md
	rest_framework/compat.py
	tox.ini
 2013-12-23 09:48:59 +00:00
Tom Christie
a87c55a93a Compat fixes for django-oauth-plus versions 2.0-2.2.1 2013-12-13 21:57:07 +00:00
Philip Forget
5239362951 pass oauth_timestamp to oauth_provider 2013-11-14 18:02:07 -05:00
Tom Christie
e441f85109 Drop 1.3 support 2013-09-25 10:30:04 +01:00
Tom Christie
ab799ccc3e Simplify APIClient implementation 2013-06-29 21:34:47 +01:00
Tom Christie
35022ca921 Refactor SessionAuthentication slightly 2013-06-29 08:14:05 +01:00
Tom Christie
69e5e3cc0d Use timezone aware datetimes with oauth2 provider, when supported. Closes #947. 2013-06-26 21:18:13 +01:00
Alex Burgel
ecb8a460c9 Fix serialization exception when using non-existent consumer 2013-06-05 17:02:44 -04:00
Tom Christie
95abe6e844 Cleanup docstrings 2013-04-25 12:47:34 +01:00
Atle Frenvik Sveen
80d28de034 Fix the fact that InvalidConsumerError and InvalidTokenError wasn't imported correctly from oauth_provider 2013-04-03 13:10:41 +02:00
Tom Christie
74fbd5ccc5 Fix bug with inactive user accessing OAuth 2013-04-03 09:20:36 +01:00
Fernando Rocha
b2cea84fae Complete remove of client checks from oauth2 
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
 2013-03-27 19:00:36 -03:00
Fernando Rocha
f1b8fee4f1 client credentials should be optional (fix #759) 
client credentials should only be required on token
request

Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
 2013-03-27 14:05:46 -03:00
Tom Christie
4055129662 If oauth is not attempted don't throw an error. Fixes #748. 2013-03-22 21:31:50 +00:00
Tom Christie
2596c12a21 Fixes for auth header checking. 2013-03-08 22:56:24 +00:00
Tom Christie
650d8e6a8e More bits of cleanup 2013-03-08 20:23:25 +00:00
Tom Christie
a4b33992a5 Merge OAuth2 work. 2013-03-07 17:43:13 +00:00
Tom Christie
1d62594fa9 Clean ups. 2013-03-07 15:44:36 +00:00
Tom Christie
44930f3091 Fix Py3k syntax errors 2013-03-07 09:15:05 +00:00
Tom Christie
d4e3610e71 Merge & clean OAuth support 2013-03-07 09:01:53 +00:00
Pierre Dulac
c449dd4f4d Properly fail to wrong Authorization token type 2013-03-02 20:17:14 +01:00
Pierre Dulac
d4c2267187 Clean up some print and comments 2013-03-01 12:08:28 +01:00
Pierre Dulac
9d5c306038 Improve the django-oauth2-provider import block 
to avoid naming collision with `oauth2` used for OAuth 1
 2013-03-01 11:53:30 +01:00
Pierre Dulac
da9d7fb8ec Add the OAuth2Authentication class 2013-03-01 02:08:58 +01:00
swistakm
59a6f5f463 Move oauth2 and django-oauth-plus imports to compat and fix some minor issues 
- alias oauth2 as oauth
- remove rouge print
- remove docstring markups
- OAuthAuthentication.authenticate() now returns (user, token) two-tuple on success
- don't set request.user because it's already set
 2013-02-26 11:22:21 +01:00
swistakm
1aed9c1604 add OAuthAuthentication class 2013-02-25 16:58:16 +01:00
Tom Christie
b052c92ac3 Cleanup imports 
Mostly adding `from __future__ import unicode_literals` everywhere.
 2013-02-04 20:55:35 +00:00
Tom Christie
f4f237e3ee 3.2, 3.3 compat 2013-02-01 14:03:28 +00:00
Tom Christie
d9c7b1c585 Merge branch 'p3k' of https://github.com/linovia/django-rest-framework into working 
Conflicts:
	rest_framework/authentication.py
	rest_framework/relations.py
	rest_framework/serializers.py
	rest_framework/settings.py
	rest_framework/tests/authentication.py
	rest_framework/tests/genericrelations.py
	rest_framework/tests/generics.py
	rest_framework/tests/relations_hyperlink.py
	rest_framework/tests/relations_nested.py
	rest_framework/tests/relations_pk.py
	rest_framework/tests/serializer.py
 2013-02-01 11:58:55 +00:00
Tom Christie
65b62d64ec WWW-Authenticate responses 2013-01-21 21:29:49 +00:00
Xavier Ordoquy
510d6a3c55 Introduced HTTP_HEADER_ENCODING. 2013-01-07 23:26:14 +01:00
Xavier Ordoquy
06ae47752f Also use the compat module in that file. 2013-01-03 12:49:57 +01:00
Xavier Ordoquy
b68263fb65 Default encoding should probably be latin-1 as some RFC seems to imply it. 2012-11-23 01:11:09 +01:00
Xavier Ordoquy
606c20f012 6 first tests passes under python 3.2 2012-11-22 02:08:00 +01:00