| author | Xavier Ordoquy | 2014-04-13 00:05:57 +0200 | 
|---|---|---|
| committer | Xavier Ordoquy | 2014-04-13 00:05:57 +0200 | 
| commit | d08536ad9d026fb7126c430f6d9c18f8540aacd6 (patch) | |
| tree | a8a1d36ce76867e57da23379694ea0609801990b /rest_framework/authentication.py | |
| parent | 2911cd64ad67ba193e3d37322ee71692cb482623 (diff) | |
| parent | 93b9245b8714287a440023451ff7880a2f6e5b32 (diff) | |
| download | django-rest-framework-d08536ad9d026fb7126c430f6d9c18f8540aacd6.tar.bz2 | |
Merge remote-tracking branch 'origin/master' into 2.4.0
Conflicts:
	.travis.yml
	docs/api-guide/fields.md
	docs/api-guide/routers.md
	docs/topics/release-notes.md
	rest_framework/authentication.py
	rest_framework/serializers.py
	rest_framework/templatetags/rest_framework.py
	rest_framework/tests/test_authentication.py
	rest_framework/tests/test_filters.py
	rest_framework/tests/test_hyperlinkedserializers.py
	rest_framework/tests/test_serializer.py
	rest_framework/tests/test_testing.py
	rest_framework/utils/encoders.py
	tox.ini
Diffstat (limited to 'rest_framework/authentication.py')
| -rw-r--r-- | rest_framework/authentication.py | 16 | 
1 files changed, 12 insertions, 4 deletions
|
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index 1f8d37fa..cbc83574 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -7,6 +7,7 @@ import base64
 from django.contrib.auth import authenticate
 from django.core.exceptions import ImproperlyConfigured
 from django.middleware.csrf import CsrfViewMiddleware
+from django.conf import settings
 from rest_framework import exceptions, HTTP_HEADER_ENCODING
 from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
 from rest_framework.compat import oauth2_provider, provider_now, check_nonce
@@ -291,6 +292,7 @@ class OAuth2Authentication(BaseAuthentication):
     OAuth 2 authentication backend using `django-oauth2-provider`
     """
     www_authenticate_realm = 'api'
+    allow_query_params_token = settings.DEBUG
     def __init__(self, *args, **kwargs):
         super(OAuth2Authentication, self).__init__(*args, **kwargs)
@@ -308,7 +310,13 @@ class OAuth2Authentication(BaseAuthentication):
         auth = get_authorization_header(request).split()
-        if not auth or auth[0].lower() != b'bearer':
+        if auth and auth[0].lower() == b'bearer':
+            access_token = auth[1]
+        elif 'access_token' in request.POST:
+            access_token = request.POST['access_token']
+        elif 'access_token' in request.GET and self.allow_query_params_token:
+            access_token = request.GET['access_token']
+        else:
             return None
         if len(auth) == 1:
@@ -318,7 +326,7 @@ class OAuth2Authentication(BaseAuthentication):
             msg = 'Invalid bearer header. Token string should not contain spaces.'
             raise exceptions.AuthenticationFailed(msg)
-        return self.authenticate_credentials(request, auth[1])
+        return self.authenticate_credentials(request, access_token)
     def authenticate_credentials(self, request, access_token):
         """
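Review bot: `allow_query_params_token = settings.DEBUG` in the OAuth2Authentication class body is evaluated once when the module is imported, and it ties acceptance of bearer tokens in the URL to a flag that exists for debugging output. A deployment that is left with DEBUG on would accept `?access_token=` on every view using this class, and URLs end up in server and proxy logs, browser history and Referer headers. I would default it to `allow_query_params_token = False` and document the opt-in with a comment such as `# Accept ?access_token=... in the query string; off by default because URLs are logged. Enable in a subclass.`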
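Review bot: In the -308/+310 hunk the new bearer branch reads `auth[1]` before the `if len(auth) == 1:` check that follows it, so an `Authorization: Bearer` header with no token raises IndexError instead of reaching that check. Guarding the read, `access_token = auth[1] if len(auth) > 1 else None`, lets the existing length check reject the request as before. The two length checks also still run on `auth` when the token came from `request.POST` or `request.GET`, so an unrelated Authorization header with one or more than two parts would presumably be rejected with a bearer-header message; it would be clearer to apply them inside the bearer branch only. The body of the `len(auth) == 1` check and the start of `authenticate` are outside the hunk, so this is based on the visible lines only.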
@@ -326,11 +334,11 @@ class OAuth2Authentication(BaseAuthentication):
         """
         try:
-            token = oauth2_provider.models.AccessToken.objects.select_related('user')
+            token = oauth2_provider.oauth2.models.AccessToken.objects.select_related('user')
             # provider_now switches to timezone aware datetime when
             # the oauth2_provider version supports to it.
             token = token.get(token=access_token, expires__gt=provider_now())
-        except oauth2_provider.models.AccessToken.DoesNotExist:
+        except oauth2_provider.oauth2.models.AccessToken.DoesNotExist:
             raise exceptions.AuthenticationFailed('Invalid token')
         user = token.user |
