diff options
| author | Mjumbe Wawatu Poe | 2012-09-07 14:07:35 -0400 |
|---|---|---|
| committer | Mjumbe Wawatu Poe | 2012-09-07 14:07:35 -0400 |
| commit | 7f98741939ef9f919fe3c1fab9ecdd4d867543f6 (patch) | |
| tree | 0d3a0ffd36b13d39d90e677858feb70481b7136d /djangorestframework | |
| parent | 5a3874ee112490937f83fa5700899f3631a14128 (diff) | |
| download | django-rest-framework-7f98741939ef9f919fe3c1fab9ecdd4d867543f6.tar.bz2 | |
Use "Token" as the scheme for token auth
Diffstat (limited to 'djangorestframework')
| -rw-r--r-- | djangorestframework/tests/authentication.py | 4 | ||||
| -rw-r--r-- | djangorestframework/tokenauth/authentication.py | 23 |
2 files changed, 15 insertions, 12 deletions
diff --git a/djangorestframework/tests/authentication.py b/djangorestframework/tests/authentication.py index fb9996be..da003a05 100644 --- a/djangorestframework/tests/authentication.py +++ b/djangorestframework/tests/authentication.py @@ -127,13 +127,13 @@ class TokenAuthTests(TestCase): def test_post_form_passing_token_auth(self): """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF""" - auth = self.key + auth = 'Token %s' % self.key response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth) self.assertEqual(response.status_code, 200) def test_post_json_passing_token_auth(self): """Ensure POSTing form over token auth with correct credentials passes and does not require CSRF""" - auth = self.key + auth = 'Token %s' % self.key response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth) self.assertEqual(response.status_code, 200) diff --git a/djangorestframework/tokenauth/authentication.py b/djangorestframework/tokenauth/authentication.py index 35d56211..167edf96 100644 --- a/djangorestframework/tokenauth/authentication.py +++ b/djangorestframework/tokenauth/authentication.py @@ -15,19 +15,22 @@ class TokenAuthentication(BaseAuthentication): The BaseToken class is available as an abstract model to be derived from. The token key should be passed in as a string to the "Authorization" HTTP - header. + header. For example: + + Authorization: Token 0123456789abcdef0123456789abcdef + """ model = Token def authenticate(self, request): - key = request.META.get('HTTP_AUTHORIZATION', '').strip() - if not key: - return None + auth = request.META.get('HTTP_AUTHORIZATION', '').strip().split() + if len(auth) == 2 and auth[0].lower() == "token": + key = auth[1] - try: - token = self.model.objects.get(key=key) - except self.model.DoesNotExist: - return None + try: + token = self.model.objects.get(key=key) + except self.model.DoesNotExist: + return None - if token.user.is_active and not token.revoked: - return (token.user, token) + if token.user.is_active and not token.revoked: + return (token.user, token) |