| author | Tom Christie | 2013-03-30 15:40:11 +0000 |
|---|---|---|
| committer | Tom Christie | 2013-03-30 15:40:11 +0000 |
| commit | 399ac70b831d782b7d774950b59f3b2066ab86f7 (patch) | |
| tree | e123ad7e60bd45a7e5ba1fe12d596d200cb2392e /rest_framework/authentication.py | |
| parent | c4eda3a653ada3110dd6c128f176b15071cb8cfe (diff) | |
| parent | 2e06f5c832479c8802f8bd8654fba5597ee228cc (diff) | |
Merge branch 'master' of https://github.com/tomchristie/django-rest-framework
Diffstat (limited to 'rest_framework/authentication.py')
| -rw-r--r-- | rest_framework/authentication.py | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index 8f4ec536..145d4295 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -2,14 +2,16 @@
 Provides a set of pluggable authentication policies.
 """
 from __future__ import unicode_literals
+import base64
+from datetime import datetime
+
 from django.contrib.auth import authenticate
 from django.core.exceptions import ImproperlyConfigured
 from rest_framework import exceptions, HTTP_HEADER_ENCODING
 from rest_framework.compat import CsrfViewMiddleware
 from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
-from rest_framework.compat import oauth2_provider, oauth2_provider_forms, oauth2_provider_backends
+from rest_framework.compat import oauth2_provider, oauth2_provider_forms
 from rest_framework.authtoken.models import Token
-import base64
 def get_authorization_header(request):
@@ -315,21 +317,15 @@ class OAuth2Authentication(BaseAuthentication):
 Authenticate the request, given the access token.
 """
- # Authenticate the client
- oauth2_client_form = oauth2_provider_forms.ClientAuthForm(request.REQUEST)
- if not oauth2_client_form.is_valid():
- raise exceptions.AuthenticationFailed('Client could not be validated')
- client = oauth2_client_form.cleaned_data.get('client')
-
- # Retrieve the `OAuth2AccessToken` instance from the access_token
- auth_backend = oauth2_provider_backends.AccessTokenBackend()
- token = auth_backend.authenticate(access_token, client)
- if token is None:
+ try:
+ token = oauth2_provider.models.AccessToken.objects.select_related('user')
+ # TODO: Change to timezone aware datetime when oauth2_provider add
+ # support to it.
+ token = token.get(token=access_token, expires__gt=datetime.now())
+ except oauth2_provider.models.AccessToken.DoesNotExist:
 raise exceptions.AuthenticationFailed('Invalid token')
- user = token.user
-
- if not user.is_active:
+ if not token.user.is_active:
 msg = 'User inactive or deleted: %s' % user.username
 raise exceptions.AuthenticationFailed(msg) |
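Review bot: The inactive-user branch still builds its message from `user.username`, but this change deletes the `user = token.user` assignment, so within the visible lines `user` is no longer bound and that branch would raise NameError instead of `AuthenticationFailed`. The request still fails closed, but a valid token for a deactivated account would likely surface as a server error rather than a clean authentication failure; the line should read `msg = 'User inactive or deleted: %s' % token.user.username`. Separately, `expires__gt=datetime.now()` compares against a naive local timestamp, as the TODO acknowledges, so expiry is only enforced correctly while the stored `expires` values are naive local times as well. The method starts before and continues past this hunk, so any later use of `user` (for example in the return value) should be checked too.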
