From 4a2526bd1e067104a1553a3e158016fe9ad285bb Mon Sep 17 00:00:00 2001 From: Rob Romano Date: Sat, 10 Nov 2012 16:09:14 -0800 Subject: Added authtoken login/logout urlpatterns and views to support scripted logins and logouts using TokenAuthentication. Added unittests. --- rest_framework/authtoken/serializers.py | 37 +++++++++++++++++++++++++++++++++ rest_framework/authtoken/urls.py | 21 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 rest_framework/authtoken/serializers.py create mode 100644 rest_framework/authtoken/urls.py (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py new file mode 100644 index 00000000..8e0128c1 --- /dev/null +++ b/rest_framework/authtoken/serializers.py @@ -0,0 +1,37 @@ +from django.contrib.auth import authenticate + +from rest_framework import serializers +from rest_framework.authtoken.models import Token + + +class AuthTokenSerializer(serializers.Serializer): + token = serializers.Field(source="key") + username = serializers.CharField(max_length=30) + password = serializers.CharField() + + def validate(self, attrs): + username = attrs.get('username') + password = attrs.get('password') + + if username and password: + user = authenticate(username=username, password=password) + + if user: + if not user.is_active: + raise serializers.ValidationError('User account is disabled.') + attrs['user'] = user + return attrs + else: + raise serializers.ValidationError('Unable to login with provided credentials.') + else: + raise serializers.ValidationError('Must include "username" and "password"') + + def convert_object(self, obj): + ret = self._dict_class() + ret['token'] = obj.key + ret['user'] = obj.user.id + return ret + + def restore_object(self, attrs, instance=None): + token, created = Token.objects.get_or_create(user=attrs['user']) + return token diff --git a/rest_framework/authtoken/urls.py b/rest_framework/authtoken/urls.py new file mode 100644 index 00000000..2a3e8115 --- /dev/null +++ b/rest_framework/authtoken/urls.py @@ -0,0 +1,21 @@ +""" +Login and logout views for token authentication. + +Add these to your root URLconf if you're using token authentication +your API requires authentication. + +The urls must be namespaced as 'rest_framework', and you should make sure +your authentication settings include `TokenAuthentication`. + + urlpatterns = patterns('', + ... + url(r'^auth-token', include('rest_framework.authtoken.urls', namespace='rest_framework')) + ) +""" +from django.conf.urls.defaults import patterns, url +from rest_framework.authtoken.views import AuthTokenView + +urlpatterns = patterns('rest_framework.authtoken.views', + url(r'^login/$', AuthTokenView.as_view(), name='token_login'), +# url(r'^logout/$', 'token_logout', name='token_logout'), +) -- cgit v1.2.3 From bd92db3c672137fa68185dbc0f453f7cea7caff3 Mon Sep 17 00:00:00 2001 From: Rob Romano Date: Sat, 10 Nov 2012 16:17:50 -0800 Subject: Added authtoken login/logout urlpatterns and views --- rest_framework/authtoken/urls.py | 6 +++--- rest_framework/authtoken/views.py | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/urls.py b/rest_framework/authtoken/urls.py index 2a3e8115..8bea46c0 100644 --- a/rest_framework/authtoken/urls.py +++ b/rest_framework/authtoken/urls.py @@ -13,9 +13,9 @@ your authentication settings include `TokenAuthentication`. ) """ from django.conf.urls.defaults import patterns, url -from rest_framework.authtoken.views import AuthTokenView +from rest_framework.authtoken.views import AuthTokenLoginView, AuthTokenLogoutView urlpatterns = patterns('rest_framework.authtoken.views', - url(r'^login/$', AuthTokenView.as_view(), name='token_login'), -# url(r'^logout/$', 'token_logout', name='token_logout'), + url(r'^login/$', AuthTokenLoginView.as_view(), name='token_login'), + url(r'^logout/$', AuthTokenLogoutView.as_view(), name='token_logout'), ) diff --git a/rest_framework/authtoken/views.py b/rest_framework/authtoken/views.py index e69de29b..a52f0a77 100644 --- a/rest_framework/authtoken/views.py +++ b/rest_framework/authtoken/views.py @@ -0,0 +1,19 @@ +from rest_framework.views import APIView +from rest_framework.generics import CreateAPIView +from rest_framework.authtoken.models import Token +from rest_framework.authtoken.serializers import AuthTokenSerializer +from django.http import HttpResponse + +class AuthTokenLoginView(CreateAPIView): + model = Token + serializer_class = AuthTokenSerializer + + +class AuthTokenLogoutView(APIView): + def post(self, request): + if request.user.is_authenticated() and request.auth: + request.auth.delete() + return HttpResponse("logged out") + else: + return HttpResponse("not logged in") + -- cgit v1.2.3 From ce3ccb91dc2a7aaf8ff41ac24045c558d641839e Mon Sep 17 00:00:00 2001 From: Rob Romano Date: Mon, 12 Nov 2012 15:16:53 -0800 Subject: Updates to login view for TokenAuthentication from feedback from Tom --- rest_framework/authtoken/serializers.py | 15 +-------------- rest_framework/authtoken/urls.py | 5 ++--- rest_framework/authtoken/views.py | 27 +++++++++++++++------------ 3 files changed, 18 insertions(+), 29 deletions(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py index 8e0128c1..a5ed6e6d 100644 --- a/rest_framework/authtoken/serializers.py +++ b/rest_framework/authtoken/serializers.py @@ -1,12 +1,8 @@ from django.contrib.auth import authenticate - from rest_framework import serializers -from rest_framework.authtoken.models import Token - class AuthTokenSerializer(serializers.Serializer): - token = serializers.Field(source="key") - username = serializers.CharField(max_length=30) + username = serializers.CharField() password = serializers.CharField() def validate(self, attrs): @@ -26,12 +22,3 @@ class AuthTokenSerializer(serializers.Serializer): else: raise serializers.ValidationError('Must include "username" and "password"') - def convert_object(self, obj): - ret = self._dict_class() - ret['token'] = obj.key - ret['user'] = obj.user.id - return ret - - def restore_object(self, attrs, instance=None): - token, created = Token.objects.get_or_create(user=attrs['user']) - return token diff --git a/rest_framework/authtoken/urls.py b/rest_framework/authtoken/urls.py index 8bea46c0..87872136 100644 --- a/rest_framework/authtoken/urls.py +++ b/rest_framework/authtoken/urls.py @@ -13,9 +13,8 @@ your authentication settings include `TokenAuthentication`. ) """ from django.conf.urls.defaults import patterns, url -from rest_framework.authtoken.views import AuthTokenLoginView, AuthTokenLogoutView +from rest_framework.authtoken.views import AuthTokenView urlpatterns = patterns('rest_framework.authtoken.views', - url(r'^login/$', AuthTokenLoginView.as_view(), name='token_login'), - url(r'^logout/$', AuthTokenLogoutView.as_view(), name='token_logout'), + url(r'^login/$', AuthTokenView.as_view(), name='token_login'), ) diff --git a/rest_framework/authtoken/views.py b/rest_framework/authtoken/views.py index a52f0a77..e027dff1 100644 --- a/rest_framework/authtoken/views.py +++ b/rest_framework/authtoken/views.py @@ -1,19 +1,22 @@ from rest_framework.views import APIView -from rest_framework.generics import CreateAPIView +from rest_framework import status +from rest_framework import parsers +from rest_framework import renderers +from rest_framework.response import Response from rest_framework.authtoken.models import Token from rest_framework.authtoken.serializers import AuthTokenSerializer -from django.http import HttpResponse -class AuthTokenLoginView(CreateAPIView): +class AuthTokenView(APIView): + throttle_classes = () + permission_classes = () + parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,) + renderer_classes = (renderers.JSONRenderer,) model = Token - serializer_class = AuthTokenSerializer - -class AuthTokenLogoutView(APIView): def post(self, request): - if request.user.is_authenticated() and request.auth: - request.auth.delete() - return HttpResponse("logged out") - else: - return HttpResponse("not logged in") - + serializer = AuthTokenSerializer(data=request.DATA) + if serializer.is_valid(): + token, created = Token.objects.get_or_create(user=serializer.object['user']) + return Response({'token': token.key}) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + -- cgit v1.2.3 From 321ba156ca45da8a4b3328c4aec6a9235f32e5f8 Mon Sep 17 00:00:00 2001 From: Rob Romano Date: Tue, 13 Nov 2012 16:49:13 -0800 Subject: Renamed AuthTokenView to ObtainAuthToken, added obtain_auth_token var, updated tests & docs. Left authtoken.urls in place as example. --- rest_framework/authtoken/urls.py | 14 +++++++------- rest_framework/authtoken/views.py | 4 +++- 2 files changed, 10 insertions(+), 8 deletions(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/urls.py b/rest_framework/authtoken/urls.py index 87872136..a3419da6 100644 --- a/rest_framework/authtoken/urls.py +++ b/rest_framework/authtoken/urls.py @@ -1,20 +1,20 @@ """ -Login and logout views for token authentication. +Login view for token authentication. -Add these to your root URLconf if you're using token authentication +Add this to your root URLconf if you're using token authentication your API requires authentication. -The urls must be namespaced as 'rest_framework', and you should make sure -your authentication settings include `TokenAuthentication`. +You should make sure your authentication settings include +`TokenAuthentication`. urlpatterns = patterns('', ... - url(r'^auth-token', include('rest_framework.authtoken.urls', namespace='rest_framework')) + url(r'^auth-token/', 'rest_framework.authtoken.obtain_auth_token') ) """ + from django.conf.urls.defaults import patterns, url -from rest_framework.authtoken.views import AuthTokenView urlpatterns = patterns('rest_framework.authtoken.views', - url(r'^login/$', AuthTokenView.as_view(), name='token_login'), + url(r'^login/$', 'rest_framework.authtoken.views.obtain_auth_token', name='token_login'), ) diff --git a/rest_framework/authtoken/views.py b/rest_framework/authtoken/views.py index e027dff1..3ac674e2 100644 --- a/rest_framework/authtoken/views.py +++ b/rest_framework/authtoken/views.py @@ -6,7 +6,7 @@ from rest_framework.response import Response from rest_framework.authtoken.models import Token from rest_framework.authtoken.serializers import AuthTokenSerializer -class AuthTokenView(APIView): +class ObtainAuthToken(APIView): throttle_classes = () permission_classes = () parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,) @@ -20,3 +20,5 @@ class AuthTokenView(APIView): return Response({'token': token.key}) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + +obtain_auth_token = ObtainAuthToken.as_view() -- cgit v1.2.3 From 535b65a34862e1dcf6370046a37e9cd0e980f491 Mon Sep 17 00:00:00 2001 From: Rob Romano Date: Tue, 13 Nov 2012 17:03:10 -0800 Subject: Removed authtoken/urls.py, not really needed with Tom's simplification --- rest_framework/authtoken/urls.py | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 rest_framework/authtoken/urls.py (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/urls.py b/rest_framework/authtoken/urls.py deleted file mode 100644 index a3419da6..00000000 --- a/rest_framework/authtoken/urls.py +++ /dev/null @@ -1,20 +0,0 @@ -""" -Login view for token authentication. - -Add this to your root URLconf if you're using token authentication -your API requires authentication. - -You should make sure your authentication settings include -`TokenAuthentication`. - - urlpatterns = patterns('', - ... - url(r'^auth-token/', 'rest_framework.authtoken.obtain_auth_token') - ) -""" - -from django.conf.urls.defaults import patterns, url - -urlpatterns = patterns('rest_framework.authtoken.views', - url(r'^login/$', 'rest_framework.authtoken.views.obtain_auth_token', name='token_login'), -) -- cgit v1.2.3 From f0d4232c1de2c3154535312d1d48c59854ffa162 Mon Sep 17 00:00:00 2001 From: Jonas Liljestrand Date: Sat, 17 Nov 2012 17:46:16 +0100 Subject: Django 1.5 support, and awareness for AUTH_USER_MODEL --- rest_framework/authtoken/models.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/models.py b/rest_framework/authtoken/models.py index 5b3071aa..610de8d8 100644 --- a/rest_framework/authtoken/models.py +++ b/rest_framework/authtoken/models.py @@ -2,14 +2,28 @@ import uuid import hmac from hashlib import sha1 from django.db import models +from django import VERSION +try: + from django.db.models.auth import User + user_model = User + except ImportError: + raise ImportError + else: + raise + +if VERSION[:2] in ((1, 5,),): + from django.conf import settings + if hasattr(settings, AUTH_USER_MODEL): + user_model = settings.AUTH_USER_MODEL + class Token(models.Model): """ The default authorization token model. """ key = models.CharField(max_length=40, primary_key=True) - user = models.OneToOneField('auth.User', related_name='auth_token') + user = models.OneToOneField(user_model, related_name='auth_token') created = models.DateTimeField(auto_now_add=True) def save(self, *args, **kwargs): -- cgit v1.2.3 From 3c1b5c34356eef4ff1a2ecdec26c761c7a27eb27 Mon Sep 17 00:00:00 2001 From: Jonas Liljestrand Date: Sat, 17 Nov 2012 17:53:08 +0100 Subject: indent error --- rest_framework/authtoken/models.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/models.py b/rest_framework/authtoken/models.py index 610de8d8..08b70f52 100644 --- a/rest_framework/authtoken/models.py +++ b/rest_framework/authtoken/models.py @@ -6,11 +6,11 @@ from django import VERSION try: from django.db.models.auth import User - user_model = User - except ImportError: - raise ImportError - else: - raise + user_model = User +except ImportError: + raise ImportError +else: + raise if VERSION[:2] in ((1, 5,),): from django.conf import settings -- cgit v1.2.3 From bbb5a8a1d90573665c18b70add60d12e8a36882f Mon Sep 17 00:00:00 2001 From: Jonas Liljestrand Date: Sat, 17 Nov 2012 18:01:46 +0100 Subject: fixed import error --- rest_framework/authtoken/models.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/models.py b/rest_framework/authtoken/models.py index 08b70f52..fa1f4ea6 100644 --- a/rest_framework/authtoken/models.py +++ b/rest_framework/authtoken/models.py @@ -4,18 +4,18 @@ from hashlib import sha1 from django.db import models from django import VERSION -try: - from django.db.models.auth import User - user_model = User -except ImportError: - raise ImportError -else: - raise if VERSION[:2] in ((1, 5,),): from django.conf import settings if hasattr(settings, AUTH_USER_MODEL): user_model = settings.AUTH_USER_MODEL + else: + from django.contrib.auth.models import User as user_model +else: + try: + from django.db.models.auth import User as user_model + except ImportError: + raise ImportError('User model is not to be found.') class Token(models.Model): -- cgit v1.2.3 From cd482c0ad22bbb810378c61e02a790e5e3796aa7 Mon Sep 17 00:00:00 2001 From: Jonas Liljestrand Date: Sat, 17 Nov 2012 18:04:37 +0100 Subject: Added support for Django 1.5 for TokenAuth --- rest_framework/authtoken/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/models.py b/rest_framework/authtoken/models.py index fa1f4ea6..3b8bffeb 100644 --- a/rest_framework/authtoken/models.py +++ b/rest_framework/authtoken/models.py @@ -7,7 +7,7 @@ from django import VERSION if VERSION[:2] in ((1, 5,),): from django.conf import settings - if hasattr(settings, AUTH_USER_MODEL): + if hasattr(settings, 'AUTH_USER_MODEL'): user_model = settings.AUTH_USER_MODEL else: from django.contrib.auth.models import User as user_model -- cgit v1.2.3 From 8eb4bb8090a84282c3537641e8ecb5c38a33fc41 Mon Sep 17 00:00:00 2001 From: Jonas Liljestrand Date: Sat, 17 Nov 2012 20:35:15 +0100 Subject: Moved function for getting correct user model to compat.py --- rest_framework/authtoken/models.py | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/models.py b/rest_framework/authtoken/models.py index 3b8bffeb..4da2aa62 100644 --- a/rest_framework/authtoken/models.py +++ b/rest_framework/authtoken/models.py @@ -1,29 +1,16 @@ import uuid import hmac from hashlib import sha1 +from rest_framework.compat import User from django.db import models -from django import VERSION -if VERSION[:2] in ((1, 5,),): - from django.conf import settings - if hasattr(settings, 'AUTH_USER_MODEL'): - user_model = settings.AUTH_USER_MODEL - else: - from django.contrib.auth.models import User as user_model -else: - try: - from django.db.models.auth import User as user_model - except ImportError: - raise ImportError('User model is not to be found.') - - class Token(models.Model): """ The default authorization token model. """ key = models.CharField(max_length=40, primary_key=True) - user = models.OneToOneField(user_model, related_name='auth_token') + user = models.OneToOneField(User, related_name='auth_token') created = models.DateTimeField(auto_now_add=True) def save(self, *args, **kwargs): -- cgit v1.2.3 From 91c0249c9d622670252030cb36ea872c08d91471 Mon Sep 17 00:00:00 2001 From: Jonas Liljestrand Date: Sun, 18 Nov 2012 21:12:06 +0100 Subject: fixed migration to support django 1.5 --- rest_framework/authtoken/migrations/0001_initial.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/migrations/0001_initial.py b/rest_framework/authtoken/migrations/0001_initial.py index 9d750381..2c0c40b1 100644 --- a/rest_framework/authtoken/migrations/0001_initial.py +++ b/rest_framework/authtoken/migrations/0001_initial.py @@ -3,6 +3,7 @@ import datetime from south.db import db from south.v2 import SchemaMigration from django.db import models +from rest_framework.compat import User class Migration(SchemaMigration): @@ -11,7 +12,7 @@ class Migration(SchemaMigration): # Adding model 'Token' db.create_table('authtoken_token', ( ('key', self.gf('django.db.models.fields.CharField')(max_length=40, primary_key=True)), - ('user', self.gf('django.db.models.fields.related.OneToOneField')(related_name='auth_token', unique=True, to=orm['auth.User'])), + ('user', self.gf('django.db.models.fields.related.OneToOneField')(related_name='auth_token', unique=True, to=orm["%s.%s" % (User._meta.app_label, User._meta.object_name)])), ('created', self.gf('django.db.models.fields.DateTimeField')(auto_now_add=True, blank=True)), )) db.send_create_signal('authtoken', ['Token']) -- cgit v1.2.3 From 0bcc840927ab08d0e7d64844f3242036a142113d Mon Sep 17 00:00:00 2001 From: Jonas Liljestrand Date: Mon, 19 Nov 2012 11:37:37 +0100 Subject: Complete fix for migration --- rest_framework/authtoken/migrations/0001_initial.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/migrations/0001_initial.py b/rest_framework/authtoken/migrations/0001_initial.py index 2c0c40b1..f4e052e4 100644 --- a/rest_framework/authtoken/migrations/0001_initial.py +++ b/rest_framework/authtoken/migrations/0001_initial.py @@ -3,7 +3,14 @@ import datetime from south.db import db from south.v2 import SchemaMigration from django.db import models -from rest_framework.compat import User + + +try: + from django.contrib.auth import get_user_model +except ImportError: # django < 1.5 + from django.contrib.auth.models import User +else: + User = get_user_model() class Migration(SchemaMigration): @@ -12,7 +19,7 @@ class Migration(SchemaMigration): # Adding model 'Token' db.create_table('authtoken_token', ( ('key', self.gf('django.db.models.fields.CharField')(max_length=40, primary_key=True)), - ('user', self.gf('django.db.models.fields.related.OneToOneField')(related_name='auth_token', unique=True, to=orm["%s.%s" % (User._meta.app_label, User._meta.object_name)])), + ('user', self.gf('django.db.models.fields.related.OneToOneField')(related_name='auth_token', unique=True, to=orm['%s.%s' % (User._meta.app_label, User._meta.object_name)])), ('created', self.gf('django.db.models.fields.DateTimeField')(auto_now_add=True, blank=True)), )) db.send_create_signal('authtoken', ['Token']) @@ -37,7 +44,7 @@ class Migration(SchemaMigration): 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}) }, - 'auth.user': { + "%s.%s" % (User._meta.app_label, User._meta.module_name): { 'Meta': {'object_name': 'User'}, 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}), @@ -57,7 +64,7 @@ class Migration(SchemaMigration): 'Meta': {'object_name': 'Token'}, 'created': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}), 'key': ('django.db.models.fields.CharField', [], {'max_length': '40', 'primary_key': 'True'}), - 'user': ('django.db.models.fields.related.OneToOneField', [], {'related_name': "'auth_token'", 'unique': 'True', 'to': "orm['auth.User']"}) + 'user': ('django.db.models.fields.related.OneToOneField', [], {'related_name': "'auth_token'", 'unique': 'True', 'to': "orm['%s.%s']" % (User._meta.app_label, User._meta.object_name)}) }, 'contenttypes.contenttype': { 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"}, -- cgit v1.2.3 From 7eec582d406b9b366f9d364b53d1fc509831d9b4 Mon Sep 17 00:00:00 2001 From: Pavel Savchenko Date: Wed, 28 Nov 2012 17:04:36 +0200 Subject: Better to return 401 when failing to authenticate --- rest_framework/authtoken/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/views.py b/rest_framework/authtoken/views.py index 3ac674e2..cfaacbe9 100644 --- a/rest_framework/authtoken/views.py +++ b/rest_framework/authtoken/views.py @@ -18,7 +18,7 @@ class ObtainAuthToken(APIView): if serializer.is_valid(): token, created = Token.objects.get_or_create(user=serializer.object['user']) return Response({'token': token.key}) - return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + return Response(serializer.errors, status=status.HTTP_401_UNAUTHORIZED) obtain_auth_token = ObtainAuthToken.as_view() -- cgit v1.2.3 From c911d54ae3769243fe6c74c29b5d16c7ac6efa10 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 7 Dec 2012 22:25:16 +0000 Subject: Reverted #458 When incorrect parameters are supplied to the obtain auth token view 400 *is* the correct response. --- rest_framework/authtoken/serializers.py | 2 +- rest_framework/authtoken/views.py | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'rest_framework/authtoken') diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py index a5ed6e6d..60a3740e 100644 --- a/rest_framework/authtoken/serializers.py +++ b/rest_framework/authtoken/serializers.py @@ -1,6 +1,7 @@ from django.contrib.auth import authenticate from rest_framework import serializers + class AuthTokenSerializer(serializers.Serializer): username = serializers.CharField() password = serializers.CharField() @@ -21,4 +22,3 @@ class AuthTokenSerializer(serializers.Serializer): raise serializers.ValidationError('Unable to login with provided credentials.') else: raise serializers.ValidationError('Must include "username" and "password"') - diff --git a/rest_framework/authtoken/views.py b/rest_framework/authtoken/views.py index cfaacbe9..d318c723 100644 --- a/rest_framework/authtoken/views.py +++ b/rest_framework/authtoken/views.py @@ -6,11 +6,12 @@ from rest_framework.response import Response from rest_framework.authtoken.models import Token from rest_framework.authtoken.serializers import AuthTokenSerializer + class ObtainAuthToken(APIView): throttle_classes = () permission_classes = () parser_classes = (parsers.FormParser, parsers.MultiPartParser, parsers.JSONParser,) - renderer_classes = (renderers.JSONRenderer,) + renderer_classes = (renderers.JSONRenderer,) model = Token def post(self, request): @@ -18,7 +19,7 @@ class ObtainAuthToken(APIView): if serializer.is_valid(): token, created = Token.objects.get_or_create(user=serializer.object['user']) return Response({'token': token.key}) - return Response(serializer.errors, status=status.HTTP_401_UNAUTHORIZED) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) obtain_auth_token = ObtainAuthToken.as_view() -- cgit v1.2.3