aboutsummaryrefslogtreecommitdiffstats
path: root/rest_framework/authentication.py
AgeCommit message (Collapse)Author
2015-02-09Merge masterTom Christie
2015-02-04Prefetching the user object when getting the token in TokenAuthentication.Ofir Ovadia
Since the user object is fetched 4 lines after getting Token from the database, this removes a DB query for each token-authenticated request.
2015-02-04Minor authentication message improvement.Tom Christie
2015-01-07prefer single quotes in source and double quotes in user visible strings; ↵Craig Blaszczyk
add some missing full stops to user visible strings
2015-01-07use double quotes for user visible strings; end user visible strings in full ↵Craig Blaszczyk
stops; add some missing translation tags
2014-12-05Removed unused imports, pep8 fixes, typo fixesTymur Maryokhin
2014-11-28Merge branch 'version-3.1' into oauth_as_packageJosé Padilla
Conflicts: requirements-test.txt rest_framework/compat.py tests/settings.py tox.ini
2014-09-23Changed return status for CSRF failures to HTTP 403Danilo Bargen
By default, Django returns "HTTP 403 Forbidden" responses when CSRF validation failed[1]. CSRF is a case of authorization, not of authentication. Therefore `PermissionDenied` should be raised instead of `AuthenticationFailed`. [1] https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#rejected-requests
2014-09-05Moved OAuth support out of DRF and into a separate package, per #1767Jharrod LaFon
2014-09-03Using user.get_username() instead of user.username.dpanesso
This solves an error when using a auth model that does not have a username field.
2014-08-19Code linting and added runtests.pyTom Christie
2014-08-19Merge masterTom Christie
2014-07-25Sending "Bearer" and "Bearer " resulted in a 500.Ron Cohen
2014-04-13Merge remote-tracking branch 'origin/master' into 2.4.0Xavier Ordoquy
Conflicts: .travis.yml docs/api-guide/fields.md docs/api-guide/routers.md docs/topics/release-notes.md rest_framework/authentication.py rest_framework/serializers.py rest_framework/templatetags/rest_framework.py rest_framework/tests/test_authentication.py rest_framework/tests/test_filters.py rest_framework/tests/test_hyperlinkedserializers.py rest_framework/tests/test_serializer.py rest_framework/tests/test_testing.py rest_framework/utils/encoders.py tox.ini
2014-03-19authentication: allow all transport modes of access token in ↵Benjamin Dauvergne
OAuth2Authentication RFC6750 describe three transport modes for access tokens when accessing a protected resource: - Auhthorization header with the Bearer authentication type - form-encoded body parameter - URI query parameter This patch add support for last two transport modes.
2014-03-05don't implicitly import provider.oauth2Eric Buehl
2013-12-23Merge branch 'bennbollay-patch-1' into 2.4.0Tom Christie
Conflicts: .travis.yml docs/api-guide/routers.md rest_framework/compat.py tox.ini
2013-12-13Compat fixes for django-oauth-plus versions 2.0-2.2.1Tom Christie
2013-11-14pass oauth_timestamp to oauth_providerPhilip Forget
2013-09-25Drop 1.3 supportTom Christie
2013-06-29Simplify APIClient implementationTom Christie
2013-06-29Refactor SessionAuthentication slightlyTom Christie
2013-06-26Use timezone aware datetimes with oauth2 provider, when supported. Closes #947.Tom Christie
2013-06-05Fix serialization exception when using non-existent consumerAlex Burgel
2013-04-25Cleanup docstringsTom Christie
2013-04-03Fix the fact that InvalidConsumerError and InvalidTokenError wasn't imported ↵Atle Frenvik Sveen
correctly from oauth_provider
2013-04-03Fix bug with inactive user accessing OAuthTom Christie
2013-03-27Complete remove of client checks from oauth2Fernando Rocha
Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-27client credentials should be optional (fix #759)Fernando Rocha
client credentials should only be required on token request Signed-off-by: Fernando Rocha <fernandogrd@gmail.com>
2013-03-22If oauth is not attempted don't throw an error. Fixes #748.Tom Christie
2013-03-08Fixes for auth header checking.Tom Christie
2013-03-08More bits of cleanupTom Christie
2013-03-07Merge OAuth2 work.Tom Christie
2013-03-07Clean ups.Tom Christie
2013-03-07Fix Py3k syntax errorsTom Christie
2013-03-07Merge & clean OAuth supportTom Christie
2013-03-02Properly fail to wrong Authorization token typePierre Dulac
2013-03-01Clean up some print and commentsPierre Dulac
2013-03-01Improve the `django-oauth2-provider` import blockPierre Dulac
to avoid naming collision with `oauth2` used for OAuth 1
2013-03-01Add the OAuth2Authentication classPierre Dulac
2013-02-26Move oauth2 and django-oauth-plus imports to compat and fix some minor issuesswistakm
- alias oauth2 as oauth - remove rouge print - remove docstring markups - OAuthAuthentication.authenticate() now returns (user, token) two-tuple on success - don't set request.user because it's already set
2013-02-25add OAuthAuthentication classswistakm
2013-02-04Cleanup importsTom Christie
Mostly adding `from __future__ import unicode_literals` everywhere.
2013-02-013.2, 3.3 compatTom Christie
2013-02-01Merge branch 'p3k' of https://github.com/linovia/django-rest-framework into ↵Tom Christie
working Conflicts: rest_framework/authentication.py rest_framework/relations.py rest_framework/serializers.py rest_framework/settings.py rest_framework/tests/authentication.py rest_framework/tests/genericrelations.py rest_framework/tests/generics.py rest_framework/tests/relations_hyperlink.py rest_framework/tests/relations_nested.py rest_framework/tests/relations_pk.py rest_framework/tests/serializer.py
2013-01-21WWW-Authenticate responsesTom Christie
2013-01-07Introduced HTTP_HEADER_ENCODING.Xavier Ordoquy
2013-01-03Also use the compat module in that file.Xavier Ordoquy
2012-11-23Default encoding should probably be latin-1 as some RFC seems to imply it.Xavier Ordoquy
2012-11-226 first tests passes under python 3.2Xavier Ordoquy
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 22:17:31 +0000