Getting tests passing

2 files changed, 5 insertions, 3 deletions

diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py
index 99e99ae3..edeae857 100644
--- a/rest_framework/authtoken/serializers.py
+++ b/rest_framework/authtoken/serializers.py
@@ -19,11 +19,12 @@ class AuthTokenSerializer(serializers.Serializer):
                 if not user.is_active:
                     msg = _('User account is disabled.')
                     raise serializers.ValidationError(msg)
-                attrs['user'] = user
-                return attrs
             else:
                 msg = _('Unable to login with provided credentials.')
                 raise serializers.ValidationError(msg)
         else:
             msg = _('Must include "username" and "password"')
             raise serializers.ValidationError(msg)
+
+        attrs['user'] = user
+        return attrs
diff --git a/rest_framework/authtoken/views.py b/rest_framework/authtoken/views.py
index 7c03cb76..94e6f061 100644
--- a/rest_framework/authtoken/views.py
+++ b/rest_framework/authtoken/views.py
@@ -18,7 +18,8 @@ class ObtainAuthToken(APIView):
     def post(self, request):
         serializer = self.serializer_class(data=request.DATA)
         if serializer.is_valid():
-            token, created = Token.objects.get_or_create(user=serializer.object['user'])
+            user = serializer.validated_data['user']
+            token, created = Token.objects.get_or_create(user=user)
             return Response({'token': token.key})
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)