From 2596c12a21003d230beb101aa93ddf83a1995305 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 8 Mar 2013 22:56:24 +0000 Subject: Fixes for auth header checking. --- rest_framework/authentication.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'rest_framework/authentication.py') diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py index 3000de3a..b4b73699 100644 --- a/rest_framework/authentication.py +++ b/rest_framework/authentication.py @@ -63,7 +63,8 @@ class BasicAuthentication(BaseAuthentication): if len(auth) == 1: msg = 'Invalid basic header. No credentials provided.' - if len(auth) > 2: + raise exceptions.AuthenticationFailed(msg) + elif len(auth) > 2: msg = 'Invalid basic header. Credentials string should not contain spaces.' raise exceptions.AuthenticationFailed(msg) @@ -144,12 +145,13 @@ class TokenAuthentication(BaseAuthentication): def authenticate(self, request): auth = get_authorization_header(request).split() - if not auth or auth[0].lower() != "token": + if not auth or auth[0].lower() != b'token': return None if len(auth) == 1: msg = 'Invalid token header. No credentials provided.' - if len(auth) > 2: + raise exceptions.AuthenticationFailed(msg) + elif len(auth) > 2: msg = 'Invalid token header. Token string should not contain spaces.' raise exceptions.AuthenticationFailed(msg) @@ -293,12 +295,13 @@ class OAuth2Authentication(BaseAuthentication): auth = get_authorization_header(request).split() - if not auth or auth[0].lower() != 'bearer': + if not auth or auth[0].lower() != b'bearer': return None if len(auth) == 1: msg = 'Invalid bearer header. No credentials provided.' - if len(auth) > 2: + raise exceptions.AuthenticationFailed(msg) + elif len(auth) > 2: msg = 'Invalid bearer header. Token string should not contain spaces.' raise exceptions.AuthenticationFailed(msg) -- cgit v1.2.3