mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-10-29 06:57:36 +03:00
* Fix #9250: Prevent token overwrite and improve security
- Fix key collision issue that could overwrite existing tokens
- Use force_insert=True only for new token instances
- Replace os.urandom with secrets.token_hex for better security
- Add comprehensive test suite to verify fix and backward compatibility
- Ensure existing tokens can still be updated without breaking changes
* Fix code style: remove trailing whitespace and unused imports
* Fix #9250: Prevent token overwrite with minimal changes
- Add force_insert=True to Token.save() for new objects to prevent overwriting existing tokens
- Revert generate_key method to original implementation (os.urandom + binascii)
- Update tests to work with original setUp() approach
- Remove verbose comments and unrelated changes per reviewer feedback
* Fix flake8 violations: remove extra blank lines and trailing whitespace
* Update tests/test_authtoken.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Update tests/test_authtoken.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Update tests/test_authtoken.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
* Fix token key regeneration behavior and add test
* Update tests/test_authtoken.py
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
---------
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>

| | | |
|---|---|---|
| .. | ||
| authtoken | ||
| locale | ||
| management | ||
| schemas | ||
| static/rest_framework | ||
| templates/rest_framework | ||
| templatetags | ||
| utils | ||
| __init__.py | ||
| apps.py | ||
| authentication.py | ||
| checks.py | ||
| compat.py | ||
| decorators.py | ||
| documentation.py | ||
| exceptions.py | ||
| fields.py | ||
| filters.py | ||
| generics.py | ||
| metadata.py | ||
| mixins.py | ||
| negotiation.py | ||
| pagination.py | ||
| parsers.py | ||
| permissions.py | ||
| relations.py | ||
| renderers.py | ||
| request.py | ||
| response.py | ||
| reverse.py | ||
| routers.py | ||
| serializers.py | ||
| settings.py | ||
| status.py | ||
| test.py | ||
| throttling.py | ||
| urlpatterns.py | ||
| urls.py | ||
| validators.py | ||
| versioning.py | ||
| views.py | ||
| viewsets.py | ||