| author | Tom Christie | 2013-03-08 22:56:24 +0000 | 
|---|---|---|
| committer | Tom Christie | 2013-03-08 22:56:24 +0000 | 
| commit | 2596c12a21003d230beb101aa93ddf83a1995305 (patch) | |
| tree | cf33394a92884b64000842583f63f46396cb42e7 /rest_framework | |
| parent | 1016c14a8a9eef1031c1a4000a2ae257775339d5 (diff) | |
Fixes for auth header checking.
Diffstat (limited to 'rest_framework')
| -rw-r--r-- | rest_framework/authentication.py | 13 | ||||
| -rw-r--r-- | rest_framework/tests/authentication.py | 2 | 
2 files changed, 9 insertions, 6 deletions
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index 3000de3a..b4b73699 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -63,7 +63,8 @@ class BasicAuthentication(BaseAuthentication):
         if len(auth) == 1:
             msg = 'Invalid basic header. No credentials provided.'
-        if len(auth) > 2:
+            raise exceptions.AuthenticationFailed(msg)
+        elif len(auth) > 2:
             msg = 'Invalid basic header. Credentials string should not contain spaces.'
             raise exceptions.AuthenticationFailed(msg)
@@ -144,12 +145,13 @@ class TokenAuthentication(BaseAuthentication):
     def authenticate(self, request):
         auth = get_authorization_header(request).split()
-        if not auth or auth[0].lower() != "token":
+        if not auth or auth[0].lower() != b'token':
             return None
         if len(auth) == 1:
             msg = 'Invalid token header. No credentials provided.'
-        if len(auth) > 2:
+            raise exceptions.AuthenticationFailed(msg)
+        elif len(auth) > 2:
             msg = 'Invalid token header. Token string should not contain spaces.'
             raise exceptions.AuthenticationFailed(msg)
@@ -293,12 +295,13 @@ class OAuth2Authentication(BaseAuthentication):
         auth = get_authorization_header(request).split()
-        if not auth or auth[0].lower() != 'bearer':
+        if not auth or auth[0].lower() != b'bearer':
             return None
         if len(auth) == 1:
             msg = 'Invalid bearer header. No credentials provided.'
-        if len(auth) > 2:
+            raise exceptions.AuthenticationFailed(msg)
+        elif len(auth) > 2:
             msg = 'Invalid bearer header. Token string should not contain spaces.'
             raise exceptions.AuthenticationFailed(msg)
diff --git a/rest_framework/tests/authentication.py b/rest_framework/tests/authentication.py
index ddd61b63..9e86881a 100644
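Review bot: The added `raise exceptions.AuthenticationFailed(msg)` under `if len(auth) == 1:` in BasicAuthentication has no regression test in this commit, and the same goes for the identical additions in the TokenAuthentication and OAuth2Authentication hunks; the only edit to rest_framework/tests/authentication.py is a quote-style change. Before this change the message was assigned and execution carried on with a one-element `auth`, so a scheme-only header is exactly the case worth pinning. A test next to test_post_form_passing_token_auth that sends `HTTP_AUTHORIZATION='Token'` through `self.csrf_client.post('/token/', ...)` and asserts the response is not `status.HTTP_200_OK` would cover it, with equivalents for the basic and bearer schemes. The enclosing authenticate method starts above this hunk and continues below it.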
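Review bot: The scheme check `auth[0].lower() != b'token'` in TokenAuthentication.authenticate only works while get_authorization_header() returns bytes, and nothing near the comparison records that; the same holds for `b'bearer'` in the OAuth2Authentication hunk. On Python 3 a str/bytes mismatch compares unequal without raising, so the method returns None and this authenticator quietly declines the request instead of failing loudly. I would add a comment above the check such as `# get_authorization_header() returns bytes, so the scheme must be compared as a bytes literal`. The token in `auth[1]` is presumably bytes as well; the code that consumes it is below this hunk, so it is worth confirming it is decoded before any lookup.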
--- a/rest_framework/tests/authentication.py
+++ b/rest_framework/tests/authentication.py
@@ -159,7 +159,7 @@ class TokenAuthTests(TestCase):
     def test_post_form_passing_token_auth(self):
         """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF"""
-        auth = "Token " + self.key
+        auth = 'Token ' + self.key
         response = self.csrf_client.post('/token/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
         self.assertEqual(response.status_code, status.HTTP_200_OK)  | 
