| author | Tom Christie | 2013-03-08 22:56:24 +0000 |
|---|---|---|
| committer | Tom Christie | 2013-03-08 22:56:24 +0000 |
| commit | 2596c12a21003d230beb101aa93ddf83a1995305 (patch) | |
| tree | cf33394a92884b64000842583f63f46396cb42e7 | |
| parent | 1016c14a8a9eef1031c1a4000a2ae257775339d5 (diff) | |
| download | django-rest-framework-2596c12a21003d230beb101aa93ddf83a1995305.tar.bz2 | |
Fixes for auth header checking.
| -rw-r--r-- | rest_framework/authentication.py | 13 | ||||
| -rw-r--r-- | rest_framework/tests/authentication.py | 2 |
2 files changed, 9 insertions, 6 deletions
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index 3000de3a..b4b73699 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -63,7 +63,8 @@ class BasicAuthentication(BaseAuthentication):
 if len(auth) == 1:
 msg = 'Invalid basic header. No credentials provided.'
- if len(auth) > 2:
+ raise exceptions.AuthenticationFailed(msg)
+ elif len(auth) > 2:
 msg = 'Invalid basic header. Credentials string should not contain spaces.'
 raise exceptions.AuthenticationFailed(msg)
@@ -144,12 +145,13 @@ class TokenAuthentication(BaseAuthentication):
 def authenticate(self, request):
 auth = get_authorization_header(request).split()
- if not auth or auth[0].lower() != "token":
+ if not auth or auth[0].lower() != b'token':
 return None
 if len(auth) == 1:
 msg = 'Invalid token header. No credentials provided.'
- if len(auth) > 2:
+ raise exceptions.AuthenticationFailed(msg)
+ elif len(auth) > 2:
 msg = 'Invalid token header. Token string should not contain spaces.'
 raise exceptions.AuthenticationFailed(msg)
@@ -293,12 +295,13 @@ class OAuth2Authentication(BaseAuthentication):
 auth = get_authorization_header(request).split()
- if not auth or auth[0].lower() != 'bearer':
+ if not auth or auth[0].lower() != b'bearer':
 return None
 if len(auth) == 1:
 msg = 'Invalid bearer header. No credentials provided.'
- if len(auth) > 2:
+ raise exceptions.AuthenticationFailed(msg)
+ elif len(auth) > 2:
 msg = 'Invalid bearer header. Token string should not contain spaces.'
 raise exceptions.AuthenticationFailed(msg)
diff --git a/rest_framework/tests/authentication.py b/rest_framework/tests/authentication.py
index ddd61b63..9e86881a 100644
--- a/rest_framework/tests/authentication.py
+++ b/rest_framework/tests/authentication.py
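Review bot: The missing-`raise` fix in the `len(auth) == 1` branch lands in three copies of the same header check (here in BasicAuthentication, and again in the TokenAuthentication and OAuth2Authentication hunks), yet the commit adds no test for a header that carries only the scheme; the one test change is a quote-style edit. A regression test that sends `HTTP_AUTHORIZATION='Token'` with no key and asserts the authentication-failure status would pin the behaviour, since before this change the branch set `msg` and carried on with a one-element `auth`. Because the three checks differ only in scheme name and message wording, a shared helper that takes the scheme keyword would stop them drifting apart again. All three method bodies continue outside their hunks.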
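Review bot: The scheme comparison `auth[0].lower() != b'token'` (and `b'bearer'` in the OAuth2Authentication hunk) now relies on `get_authorization_header()` returning a bytestring, which this diff neither shows nor states at the call site. A one-line comment such as `# get_authorization_header() returns bytes, so compare against a bytes literal` above each check would record that. It is also worth confirming that the value later read from `auth[1]` is decoded before it is used as a lookup key; that code lies outside the hunks, so this is a check to make rather than a confirmed defect.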
@@ -159,7 +159,7 @@ class TokenAuthTests(TestCase):
 def test_post_form_passing_token_auth(self):
 """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF"""
- auth = "Token " + self.key
+ auth = 'Token ' + self.key
 response = self.csrf_client.post('/token/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
 self.assertEqual(response.status_code, status.HTTP_200_OK) |
