From ed1375485906f261449b92fe6e20715530625d07 Mon Sep 17 00:00:00 2001
From: Michael Elovskikh
Date: Thu, 17 Jan 2013 17:17:53 +0600
Subject: Added PATCH HTTP method to the docs

---
 docs/api-guide/authentication.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'docs/api-guide/authentication.md')

diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index afd9a261..2d34d788 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -134,7 +134,7 @@ If successfully authenticated, `SessionAuthentication` provides the following cr
 * `request.user` will be a Django `User` instance.
 * `request.auth` will be `None`.
 
-If you're using an AJAX style API with SessionAuthentication, you'll need to make sure you include a valid CSRF token for any "unsafe" HTTP method calls, such as `PUT`, `POST` or `DELETE` requests.  See the [Django CSRF documentation][csrf-ajax] for more details.
+If you're using an AJAX style API with SessionAuthentication, you'll need to make sure you include a valid CSRF token for any "unsafe" HTTP method calls, such as `PUT`, `PATCH`, `POST` or `DELETE` requests.  See the [Django CSRF documentation][csrf-ajax] for more details.
 
 # Custom authentication
 
-- 
cgit v1.2.3


From e649f2ec61a51beddf56132b3f9fa0a3d4fe086b Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Mon, 28 Jan 2013 07:36:57 +0000
Subject: Example custom authentication.  Fixes #301.

---
 docs/api-guide/authentication.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'docs/api-guide/authentication.md')

diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index ac690bdc..1795cfaf 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -194,6 +194,24 @@ You *may* also override the `.authentication_header(self, request)` method.  If
 
 If the `.authentication_header()` method is not overridden, the authentication scheme will return `HTTP 403 Forbidden` responses when an unauthenticated request is denied access.
 
+## Example
+
+The following example will authenticate any incoming request as the user given by the username in a custom request header named 'X_USERNAME'.
+
+    class ExampleAuthentication(authentication.BaseAuthentication):
+        def has_permission(self, request, view, obj=None):
+            username = request.META.get('X_USERNAME')
+            if not username:
+                return None
+
+            try:
+                user = User.objects.get(username=username)
+            except User.DoesNotExist:
+                raise authenticate.AuthenticationFailed('No such user')
+            
+            return (user, None)
+                
+
 [cite]: http://jacobian.org/writing/rest-worst-practices/
 [http401]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2
 [http403]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4
-- 
cgit v1.2.3


From 661c8f9ad56a1f5f35e4a769ac44b668227b14e6 Mon Sep 17 00:00:00 2001
From: swistakm
Date: Mon, 28 Jan 2013 13:05:52 +0100
Subject: fix mistake in docs

---
 docs/api-guide/authentication.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'docs/api-guide/authentication.md')

diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index da494746..59afc2b9 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -190,9 +190,9 @@ Typically the approach you should take is:
 * If authentication is not attempted, return `None`.  Any other authentication schemes also in use will still be checked.
 * If authentication is attempted but fails, raise a `AuthenticationFailed` exception.  An error response will be returned immediately, without checking any other authentication schemes.
 
-You *may* also override the `.authentication_header(self, request)` method.  If implemented, it should return a string that will be used as the value of the `WWW-Authenticate` header in a `HTTP 401 Unauthorized` response.
+You *may* also override the `.authenticate_header(self, request)` method.  If implemented, it should return a string that will be used as the value of the `WWW-Authenticate` header in a `HTTP 401 Unauthorized` response.
 
-If the `.authentication_header()` method is not overridden, the authentication scheme will return `HTTP 403 Forbidden` responses when an unauthenticated request is denied access.
+If the `.authenticate_header()` method is not overridden, the authentication scheme will return `HTTP 403 Forbidden` responses when an unauthenticated request is denied access.
 
 ## Example
 
-- 
cgit v1.2.3