Fix bug with inactive user accessing OAuth

author: Tom Christie 2013-04-03 09:20:36 +0100
committer: Tom Christie 2013-04-03 09:20:36 +0100
commit: 74fbd5ccc5b2aa2f0aab25ead5ffa36024079fcf (patch)
tree: 89da1f4949f2dd52d0dbee00c1bf016c119ea57b /rest_framework/authentication.py
parent: 399ac70b831d782b7d774950b59f3b2066ab86f7 (diff)
download: django-rest-framework-74fbd5ccc5b2aa2f0aab25ead5ffa36024079fcf.tar.bz2
1 files changed, 5 insertions, 3 deletions
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index 145d4295..3e7e89e8 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -10,7 +10,7 @@ from django.core.exceptions import ImproperlyConfigured
 from rest_framework import exceptions, HTTP_HEADER_ENCODING
 from rest_framework.compat import CsrfViewMiddleware
 from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
-from rest_framework.compat import oauth2_provider, oauth2_provider_forms
+from rest_framework.compat import oauth2_provider
 from rest_framework.authtoken.models import Token
 
 
@@ -325,11 +325,13 @@ class OAuth2Authentication(BaseAuthentication):
         except oauth2_provider.models.AccessToken.DoesNotExist:
             raise exceptions.AuthenticationFailed('Invalid token')
 
-        if not token.user.is_active:
+        user = token.user
+
+        if not user.is_active:
             msg = 'User inactive or deleted: %s' % user.username
             raise exceptions.AuthenticationFailed(msg)
 
-        return (token.user, token)
+        return (user, token)
 
     def authenticate_header(self, request):
         """
author	Tom Christie	2013-04-03 09:20:36 +0100
committer	Tom Christie	2013-04-03 09:20:36 +0100
commit	74fbd5ccc5b2aa2f0aab25ead5ffa36024079fcf (patch)
tree	89da1f4949f2dd52d0dbee00c1bf016c119ea57b /rest_framework/authentication.py
parent	399ac70b831d782b7d774950b59f3b2066ab86f7 (diff)
download	django-rest-framework-74fbd5ccc5b2aa2f0aab25ead5ffa36024079fcf.tar.bz2