Add a TokenAuthentication class in a sub-application

1 files changed, 33 insertions, 0 deletions

diff --git a/djangorestframework/tokenauth/authentication.py b/djangorestframework/tokenauth/authentication.py
new file mode 100644
index 00000000..35d56211
--- /dev/null
+++ b/djangorestframework/tokenauth/authentication.py
@@ -0,0 +1,33 @@
+from djangorestframework.authentication import BaseAuthentication
+from .models import Token
+
+class TokenAuthentication(BaseAuthentication):
+    """
+    Use a token model for authentication.
+
+    A custom token model may be used here, but must have the following minimum
+    properties:
+
+    * key -- The string identifying the token
+    * user -- The user to which the token belongs
+    * revoked -- The status of the token
+
+    The BaseToken class is available as an abstract model to be derived from.
+
+    The token key should be passed in as a string to the "Authorization" HTTP
+    header.
+    """
+    model = Token
+
+    def authenticate(self, request):
+        key = request.META.get('HTTP_AUTHORIZATION', '').strip()
+        if not key:
+            return None
+
+        try:
+             token = self.model.objects.get(key=key)
+        except self.model.DoesNotExist:
+             return None
+
+        if token.user.is_active and not token.revoked:
+            return (token.user, token)