| author | Tom Christie | 2014-03-21 12:23:49 +0000 |
|---|---|---|
| committer | Tom Christie | 2014-03-21 12:23:49 +0000 |
| commit | 17f087173665fc5b67e1afe94d77b47d37a633fe (patch) | |
| tree | b1dfdbe27214fcfb80e2b4f207b40ec7d6d83481 /rest_framework/authentication.py | |
| parent | 58cae22970361539cffb3a36194ed8b8819b082b (diff) | |
| parent | 1909472aa27907190467b81a10fc4ee496bb8889 (diff) | |
Merge pull request #1469 from entrouvert/master
authentication: allow all transport modes of access token in OAuth2Authentication
Diffstat (limited to 'rest_framework/authentication.py')
| -rw-r--r-- | rest_framework/authentication.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index b0e88d88..da9ca510 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -6,6 +6,7 @@ import base64
 from django.contrib.auth import authenticate
 from django.core.exceptions import ImproperlyConfigured
+from django.conf import settings
 from rest_framework import exceptions, HTTP_HEADER_ENCODING
 from rest_framework.compat import CsrfViewMiddleware
 from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
@@ -291,6 +292,7 @@ class OAuth2Authentication(BaseAuthentication):
 OAuth 2 authentication backend using `django-oauth2-provider`
 """
 www_authenticate_realm = 'api'
+ allow_query_params_token = settings.DEBUG
 def __init__(self, *args, **kwargs):
 super(OAuth2Authentication, self).__init__(*args, **kwargs)
@@ -308,7 +310,13 @@ class OAuth2Authentication(BaseAuthentication):
 auth = get_authorization_header(request).split()
- if not auth or auth[0].lower() != b'bearer':
+ if auth and auth[0].lower() == b'bearer':
+ access_token = auth[1]
+ elif 'access_token' in request.POST:
+ access_token = request.POST['access_token']
+ elif 'access_token' in request.GET and self.allow_query_params_token:
+ access_token = request.GET['access_token']
+ else:
 return None
 if len(auth) == 1:
@@ -318,7 +326,7 @@ class OAuth2Authentication(BaseAuthentication):
 msg = 'Invalid bearer header. Token string should not contain spaces.'
 raise exceptions.AuthenticationFailed(msg)
- return self.authenticate_credentials(request, auth[1])
+ return self.authenticate_credentials(request, access_token)
 def authenticate_credentials(self, request, access_token):
 """ |
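Review bot: `allow_query_params_token = settings.DEBUG` has no comment saying why query-string tokens are tied to DEBUG, and because it sits in the class body it is read once when the module is imported, so a later settings override would not change it. A short comment above the attribute would help whoever subclasses this, for example `# Tokens in the URL end up in server logs, browser history and Referer headers, so they are only accepted when DEBUG is on; override in a subclass to opt in.` The class docstring could also mention that the token is now read from the POST body as well as the Authorization header. The class body continues outside this hunk.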
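Review bot: In the new bearer branch, `access_token = auth[1]` runs before the `len(auth) == 1` check that follows it, so a request whose header is only `Authorization: Bearer` would raise IndexError instead of AuthenticationFailed. The header length checks also still run when the token came from `request.POST` or `request.GET`, so a request that carries a valid body token plus an unrelated one-word Authorization header would be rejected by the bearer-header checks. Moving the two existing length checks into the bearer branch, ahead of the `auth[1]` read, addresses both. The header token is bytes while the POST/GET values are presumably text, so `authenticate_credentials` may now receive two types; that is worth confirming. Part of `authenticate` lies between this hunk and the next, outside the visible lines.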
