| author | Fernando Rocha | 2013-03-27 19:00:36 -0300 | 
|---|---|---|
| committer | Fernando Rocha | 2013-03-27 19:00:36 -0300 | 
| commit | b2cea84fae4f721e8eb6432b3d1bab1309e21a00 (patch) | |
| tree | 69f163e1ad4d495507ba8bbe826e0e1d8dfaec3c | |
| parent | f1b8fee4f1e0ea2503d4e0453bdc3049edaa2598 (diff) | |
Complete remove of client checks from oauth2
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
| -rw-r--r-- | docs/api-guide/authentication.md | 2 | ||||
| -rw-r--r-- | rest_framework/authentication.py | 12 | ||||
| -rw-r--r-- | rest_framework/tests/authentication.py | 9 | 
3 files changed, 3 insertions, 20 deletions
|
diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index 541c6575..f1dd6f5f 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -294,7 +294,7 @@ The only thing needed to make the `OAuth2Authentication` class work is to insert
 The command line to test the authentication looks like:
-    curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/?client_id=YOUR_CLIENT_ID\&client_secret=YOUR_CLIENT_SECRET
+    curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/
 ---
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index f4626a2e..145d4295 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -316,19 +316,11 @@ class OAuth2Authentication(BaseAuthentication):
         """
         Authenticate the request, given the access token.
         """
-        client = None
-
-        # Authenticate the client
-        if 'client_id' in request.REQUEST:
-            oauth2_client_form = oauth2_provider_forms.ClientAuthForm(request.REQUEST)
-            if not oauth2_client_form.is_valid():
-                raise exceptions.AuthenticationFailed('Client could not be validated')
-            client = oauth2_client_form.cleaned_data.get('client')
         try:
             token = oauth2_provider.models.AccessToken.objects.select_related('user')
-            if client is not None:
-                token = token.filter(client=client)
+            # TODO: Change to timezone aware datetime when oauth2_provider add
+            # support to it.
             token = token.get(token=access_token, expires__gt=datetime.now())
         except oauth2_provider.models.AccessToken.DoesNotExist:
             raise exceptions.AuthenticationFailed('Invalid token')
diff --git a/rest_framework/tests/authentication.py b/rest_framework/tests/authentication.py
index 375b19bd..629db422 100644
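Review bot: In the `rest_framework/authentication.py` hunk, the docstring still reads only "Authenticate the request, given the access token." and does not say that `client_id`/`client_secret` sent with the request are now ignored rather than validated, leaving the token value and `expires__gt=datetime.now()` as the only checks. I would add a line to the docstring such as `Only the bearer token and its expiry are checked; client credentials in the request are not validated here.` The expiry comparison uses naive local time, which the new TODO acknowledges; if the project runs with `USE_TZ = True` the comparison may be made against the wrong instant, so it deserves a tracked issue rather than only a comment. The test change in this commit only deletes the wrong-client test, so a test asserting that a valid token without any client parameters authenticates would pin the new contract. The method signature and the code after the `except` are outside the hunk.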
--- a/rest_framework/tests/authentication.py
+++ b/rest_framework/tests/authentication.py
@@ -500,15 +500,6 @@ class OAuth2Tests(TestCase):
         self.assertEqual(response.status_code, 401)
     @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
-    def test_get_form_with_wrong_client_data_failing_auth(self):
-        """Ensure GETing form over OAuth with incorrect client credentials fails"""
-        auth = self._create_authorization_header()
-        params = self._client_credentials_params()
-        params['client_id'] += 'a'
-        response = self.csrf_client.get('/oauth2-test/', params, HTTP_AUTHORIZATION=auth)
-        self.assertEqual(response.status_code, 401)
-
-    @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
     def test_get_form_passing_auth(self):
         """Ensure GETing form over OAuth with correct client credentials succeed"""
         auth = self._create_authorization_header()
|
