Miro Hrončok
ffdac0d936
TokenAuthentication: Allow custom keyword in the header (#4097)
This allows subclassing TokenAuthentication and setting a custom keyword,
thus allowing the Authorization header to be for example:
Bearer 956e252a-513c-48c5-92dd-bfddc364e812
It doesn't change the behavior of TokenAuthentication itself,
it simply allows reusing the logic of TokenAuthentication without
the need of copy pasting the class and changing one hardcoded string.
Related: #4080
2016-05-04 10:53:34 +01:00
Germán Larraín
e19b21ecc5
Handle incorrectly padded HTTP basic auth header (#4090)
2016-05-03 09:24:55 +01:00
Xavier Ordoquy
2622588b30
Typo correction.
2016-04-07 18:00:17 +02:00
Xavier Ordoquy
763aab6b45
Fix the string_types / text_types confusion introduced in #4025
2016-04-05 16:29:16 +02:00
Nitesh Lohchab
09aa8f76c4
python2.x and 3.x compatible
2016-04-03 18:39:32 +05:30
Nitesh Lohchab
c22b92a66c
type('') to str
2016-04-03 00:07:45 +05:30
S. Andrew Sheppard
1712c00001
update invalid token case
2016-01-05 09:42:22 -06:00
S. Andrew Sheppard
ff29fdd875
don't import authtoken model until needed
2015-12-30 15:44:19 -06:00
Tom Christie
d587ad1021
Use REST framework request parsing when accessing old-style .POST
2015-11-04 14:10:51 +00:00
Tymur Maryokhin
4e5da16961
Remove Django 1.4 compat code
2015-08-07 00:02:29 +02:00
José Padilla
7351a3f6ca
Sort imports with isort
2015-06-25 16:55:51 -04:00
José Padilla
83c9136c90
Cleanup import following PEP 8 style guide
2015-06-25 16:10:17 -04:00
Osvaldo Santana Neto
7ae71deb84
Handle invalid characters in headers
2015-06-03 14:55:34 -03:00
Petros Moisiadis
192719eed0
Improve coding style
On Tom's suggestion, improve coding style by using a single-line call to getattr() with a default value instead of a multi-line if/else clause.
2015-05-19 20:00:19 +03:00
Petros Moisiadis
a96ebd74b1
Fix flake8 error
2015-05-19 19:48:53 +03:00
Petros Moisiadis
c63ea01f4f
Support User model in Django 1.4 that has not a USERNAME_FIELD attribute
Support User model in Django 1.4 that has not a USERNAME_FIELD attribute.
2015-05-19 19:05:50 +03:00
Petros Moisiadis
43b4ae752d
Import get_user_model from compat module
Import get_user_model from compat module to be compatible with older django versions (e.g. 1.4).
2015-05-19 18:00:17 +03:00
Petros Moisiadis
bb002262ac
Support basic authentication with custom user models that change username field
Support basic authentication with custom user models with a username field that is not named 'username'.
2015-05-19 17:42:44 +03:00
Tom Christie
fbb21caaaa
Merge master
2015-02-09 20:43:50 +00:00
Ofir Ovadia
58e7bbc8ec
Prefetching the user object when getting the token in TokenAuthentication.
Since the user object is fetched 4 lines after getting Token from the database, this removes a DB query for each token-authenticated request.
2015-02-04 16:08:41 +02:00
Tom Christie
8b4ce5c636
Minor authentication message improvement.
2015-02-04 09:07:10 +00:00
Craig Blaszczyk
91e316f781
prefer single quotes in source and double quotes in user visible strings; add some missing full stops to user visible strings
2015-01-07 12:46:23 +00:00
Craig Blaszczyk
4c32083b8b
use double quotes for user visible strings; end user visible strings in full stops; add some missing translation tags
2015-01-07 12:01:11 +00:00
Tymur Maryokhin
d9930181ee
Removed unused imports, pep8 fixes, typo fixes
2014-12-05 00:29:28 +01:00
José Padilla
0cc990792c
Merge branch 'version-3.1' into oauth_as_package
Conflicts:
requirements-test.txt
rest_framework/compat.py
tests/settings.py
tox.ini
2014-11-28 12:14:40 -04:00
Danilo Bargen
b187f53453
Changed return status for CSRF failures to HTTP 403
By default, Django returns "HTTP 403 Forbidden" responses when CSRF
validation failed[1]. CSRF is a case of authorization, not of
authentication. Therefore `PermissionDenied` should be raised instead
of `AuthenticationFailed`.
[1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
2014-09-23 14:16:08 +02:00
Jharrod LaFon
baa518cd89
Moved OAuth support out of DRF and into a separate package, per #1767
2014-09-05 15:30:01 -07:00
dpanesso
1ab782a430
Using user.get_username() instead of user.username.
This solves an error when using an auth model that does not have a username field.
2014-09-03 23:38:03 -05:00
Tom Christie
bf09c32de8
Code linting and added runtests.py
2014-08-19 13:28:07 +01:00
Tom Christie
e385a7b8eb
Merge master
2014-08-19 10:11:10 +01:00
Ron Cohen
05882cc599
Sending "Bearer" and "Bearer " resulted in a 500.
2014-07-25 10:55:53 +00:00
Xavier Ordoquy
d08536ad9d
Merge remote-tracking branch 'origin/master' into 2.4.0
Conflicts:
.travis.yml
docs/api-guide/fields.md
docs/api-guide/routers.md
docs/topics/release-notes.md
rest_framework/authentication.py
rest_framework/serializers.py
rest_framework/templatetags/rest_framework.py
rest_framework/tests/test_authentication.py
rest_framework/tests/test_filters.py
rest_framework/tests/test_hyperlinkedserializers.py
rest_framework/tests/test_serializer.py
rest_framework/tests/test_testing.py
rest_framework/utils/encoders.py
tox.ini
2014-04-13 00:05:57 +02:00
Benjamin Dauvergne
1909472aa2
authentication: allow all transport modes of access token in OAuth2Authentication
RFC6750 describes three transport modes for access tokens when accessing a
protected resource:
- Authorization header with the Bearer authentication type
- form-encoded body parameter
- URI query parameter
This patch adds support for the last two transport modes.
2014-03-19 12:43:45 +01:00
Eric Buehl
e0682e9298
don't implicitly import provider.oauth2
2014-03-05 17:15:52 +00:00
Tom Christie
52686420f4
Merge branch 'bennbollay-patch-1' into 2.4.0
Conflicts:
.travis.yml
docs/api-guide/routers.md
rest_framework/compat.py
tox.ini
2013-12-23 09:48:59 +00:00
Tom Christie
a87c55a93a
Compat fixes for django-oauth-plus versions 2.0-2.2.1
2013-12-13 21:57:07 +00:00
Philip Forget
5239362951
pass oauth_timestamp to oauth_provider
2013-11-14 18:02:07 -05:00
Tom Christie
e441f85109
Drop 1.3 support
2013-09-25 10:30:04 +01:00
Tom Christie
ab799ccc3e
Simplify APIClient implementation
2013-06-29 21:34:47 +01:00
Tom Christie
35022ca921
Refactor SessionAuthentication slightly
2013-06-29 08:14:05 +01:00
Tom Christie
69e5e3cc0d
Use timezone aware datetimes with oauth2 provider, when supported. Closes #947.
2013-06-26 21:18:13 +01:00
Alex Burgel
ecb8a460c9
Fix serialization exception when using non-existent consumer
2013-06-05 17:02:44 -04:00
Tom Christie
95abe6e844
Cleanup docstrings
2013-04-25 12:47:34 +01:00
Atle Frenvik Sveen
80d28de034
Fix the fact that InvalidConsumerError and InvalidTokenError weren't imported correctly from oauth_provider
2013-04-03 13:10:41 +02:00
Tom Christie
74fbd5ccc5
Fix bug with inactive user accessing OAuth
2013-04-03 09:20:36 +01:00
Fernando Rocha
b2cea84fae
Complete removal of client checks from oauth2
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 19:00:36 -03:00
Fernando Rocha
f1b8fee4f1
client credentials should be optional (fix #759)
client credentials should only be required on token
request
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27 14:05:46 -03:00
Tom Christie
4055129662
If oauth is not attempted don't throw an error. Fixes #748.
2013-03-22 21:31:50 +00:00
Tom Christie
2596c12a21
Fixes for auth header checking.
2013-03-08 22:56:24 +00:00
Tom Christie
650d8e6a8e
More bits of cleanup
2013-03-08 20:23:25 +00:00