From 873a142af2f63084fd10bf35c13e79131837da07 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 13 Nov 2012 11:27:09 +0000 Subject: Implementing 401 vs 403 responses --- rest_framework/request.py | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index a1827ba4..38ee36dd 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -86,6 +86,7 @@ class Request(object): self._method = Empty self._content_type = Empty self._stream = Empty + self._authenticator = None if self.parser_context is None: self.parser_context = {} @@ -166,7 +167,7 @@ class Request(object): by the authentication classes provided to the request. """ if not hasattr(self, '_user'): - self._user, self._auth = self._authenticate() + self._authenticator, self._user, self._auth = self._authenticate() return self._user @property @@ -176,9 +177,17 @@ class Request(object): request, such as an authentication token. """ if not hasattr(self, '_auth'): - self._user, self._auth = self._authenticate() + self._authenticator, self._user, self._auth = self._authenticate() return self._auth + @property + def successful_authenticator(self): + """ + Return the instance of the authentication instance class that was used + to authenticate the request, or `None`. + """ + return self._authenticator + def _load_data_and_files(self): """ Parses the request content into self.DATA and self.FILES. @@ -282,21 +291,23 @@ class Request(object): def _authenticate(self): """ - Attempt to authenticate the request using each authentication instance in turn. - Returns a two-tuple of (user, authtoken). + Attempt to authenticate the request using each authentication instance + in turn. + Returns a three-tuple of (authenticator, user, authtoken). """ for authenticator in self.authenticators: user_auth_tuple = authenticator.authenticate(self) if not user_auth_tuple is None: - return user_auth_tuple + user, auth = user_auth_tuple + return (authenticator, user, auth) return self._not_authenticated() def _not_authenticated(self): """ - Return a two-tuple of (user, authtoken), representing an - unauthenticated request. + Return a three-tuple of (authenticator, user, authtoken), representing + an unauthenticated request. - By default this will be (AnonymousUser, None). + By default this will be (None, AnonymousUser, None). """ if api_settings.UNAUTHENTICATED_USER: user = api_settings.UNAUTHENTICATED_USER() @@ -308,7 +319,7 @@ class Request(object): else: auth = None - return (user, auth) + return (None, user, auth) def __getattr__(self, attr): """ -- cgit v1.2.3 From b3698acb6c0b9eaa04189599e27014c788a75adc Mon Sep 17 00:00:00 2001 From: Xavier Ordoquy Date: Thu, 22 Nov 2012 00:20:49 +0100 Subject: First passing test under p3k \o/ --- rest_framework/request.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index a1827ba4..dbe57942 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -9,7 +9,7 @@ The wrapped request then offers a richer API, in particular : - full support of PUT method, including support for file uploads - form overloading of HTTP method, content type and content """ -from StringIO import StringIO +from rest_framework.compat import StringIO from django.http.multipartparser import parse_header from rest_framework import exceptions -- cgit v1.2.3 From 606c20f012c5a1fdcfd661eb280bab22b94afcf5 Mon Sep 17 00:00:00 2001 From: Xavier Ordoquy Date: Thu, 22 Nov 2012 02:08:00 +0100 Subject: 6 first tests passes under python 3.2 --- rest_framework/request.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index dbe57942..d0c4ded6 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -20,7 +20,7 @@ def is_form_media_type(media_type): """ Return True if the media type is a valid form media type. """ - base_media_type, params = parse_header(media_type) + base_media_type, params = parse_header(media_type.encode('utf8')) return (base_media_type == 'application/x-www-form-urlencoded' or base_media_type == 'multipart/form-data') -- cgit v1.2.3 From e348ee92552aab51290dfe6b256ad03b8d62e6f9 Mon Sep 17 00:00:00 2001 From: Xavier Ordoquy Date: Fri, 23 Nov 2012 01:12:33 +0100 Subject: 52 tests passing. Refactored a few string / byte io. --- rest_framework/request.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index d0c4ded6..05424f21 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -9,7 +9,8 @@ The wrapped request then offers a richer API, in particular : - full support of PUT method, including support for file uploads - form overloading of HTTP method, content type and content """ -from rest_framework.compat import StringIO +import six +from rest_framework.compat import BytesIO from django.http.multipartparser import parse_header from rest_framework import exceptions @@ -20,7 +21,7 @@ def is_form_media_type(media_type): """ Return True if the media type is a valid form media type. """ - base_media_type, params = parse_header(media_type.encode('utf8')) + base_media_type, params = parse_header(media_type.encode('iso-8859-1')) return (base_media_type == 'application/x-www-form-urlencoded' or base_media_type == 'multipart/form-data') @@ -216,7 +217,7 @@ class Request(object): elif hasattr(self._request, 'read'): self._stream = self._request else: - self._stream = StringIO(self.raw_post_data) + self._stream = BytesIO(self.raw_post_data) def _perform_form_overloading(self): """ @@ -251,7 +252,7 @@ class Request(object): self._CONTENT_PARAM in self._data and self._CONTENTTYPE_PARAM in self._data): self._content_type = self._data[self._CONTENTTYPE_PARAM] - self._stream = StringIO(self._data[self._CONTENT_PARAM]) + self._stream = BytesIO(self._data[self._CONTENT_PARAM].encode('iso-8859-1')) self._data, self._files = (Empty, Empty) def _parse(self): -- cgit v1.2.3 From 60250f22c8e144494f372338c16a2167cccb319d Mon Sep 17 00:00:00 2001 From: Xavier Ordoquy Date: Thu, 3 Jan 2013 11:41:07 +0100 Subject: Move the various compat things to the compat module. --- rest_framework/request.py | 1 - 1 file changed, 1 deletion(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index c50ae5ad..048a1c41 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -9,7 +9,6 @@ The wrapped request then offers a richer API, in particular : - full support of PUT method, including support for file uploads - form overloading of HTTP method, content type and content """ -import six from rest_framework.compat import BytesIO from django.http.multipartparser import parse_header -- cgit v1.2.3 From 00752dcd2a3647f2de2a259934753745597e3ade Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 1 Feb 2013 15:07:51 +0000 Subject: Py3k cleanup --- rest_framework/request.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index 23e1da87..597892ef 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -9,10 +9,11 @@ The wrapped request then offers a richer API, in particular : - full support of PUT method, including support for file uploads - form overloading of HTTP method, content type and content """ -from rest_framework.compat import BytesIO from django.http.multipartparser import parse_header +from rest_framework import HTTP_HEADER_ENCODING from rest_framework import exceptions +from rest_framework.compat import BytesIO from rest_framework.settings import api_settings @@ -20,7 +21,7 @@ def is_form_media_type(media_type): """ Return True if the media type is a valid form media type. """ - base_media_type, params = parse_header(media_type.encode('iso-8859-1')) + base_media_type, params = parse_header(media_type.encode(HTTP_HEADER_ENCODING)) return (base_media_type == 'application/x-www-form-urlencoded' or base_media_type == 'multipart/form-data') @@ -277,7 +278,7 @@ class Request(object): self._CONTENT_PARAM in self._data and self._CONTENTTYPE_PARAM in self._data): self._content_type = self._data[self._CONTENTTYPE_PARAM] - self._stream = BytesIO(self._data[self._CONTENT_PARAM].encode('iso-8859-1')) + self._stream = BytesIO(self._data[self._CONTENT_PARAM].encode(HTTP_HEADER_ENCODING)) self._data, self._files = (Empty, Empty) def _parse(self): -- cgit v1.2.3 From b052c92ac38f90e5b56cfd128cd4a488713c048e Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 4 Feb 2013 20:55:35 +0000 Subject: Cleanup imports Mostly adding `from __future__ import unicode_literals` everywhere. --- rest_framework/request.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index 597892ef..16f47d16 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -9,7 +9,7 @@ The wrapped request then offers a richer API, in particular : - full support of PUT method, including support for file uploads - form overloading of HTTP method, content type and content """ - +from __future__ import unicode_literals from django.http.multipartparser import parse_header from rest_framework import HTTP_HEADER_ENCODING from rest_framework import exceptions -- cgit v1.2.3 From 0a38bc9db8c7ad5c1a9c8429ac799260c7257a39 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 4 Feb 2013 21:16:34 +0000 Subject: Deal with parser encodings properly --- rest_framework/request.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index 16f47d16..482c8688 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -10,6 +10,7 @@ The wrapped request then offers a richer API, in particular : - form overloading of HTTP method, content type and content """ from __future__ import unicode_literals +from django.conf import settings from django.http.multipartparser import parse_header from rest_framework import HTTP_HEADER_ENCODING from rest_framework import exceptions @@ -92,6 +93,7 @@ class Request(object): if self.parser_context is None: self.parser_context = {} self.parser_context['request'] = self + self.parser_context['encoding'] = request.encoding or settings.DEFAULT_CHARSET def _default_negotiator(self): return api_settings.DEFAULT_CONTENT_NEGOTIATION_CLASS() -- cgit v1.2.3 From 870f10486cd347480fb16d95647d1ca4a72d83d4 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 10 Feb 2013 20:08:36 +0000 Subject: Fix incorrect 401 vs 403 response, if lazy authentication has not taken place. --- rest_framework/request.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index 482c8688..47c009b2 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -88,7 +88,6 @@ class Request(object): self._method = Empty self._content_type = Empty self._stream = Empty - self._authenticator = None if self.parser_context is None: self.parser_context = {} @@ -175,12 +174,12 @@ class Request(object): @user.setter def user(self, value): - """ - Sets the user on the current request. This is necessary to maintain - compatilbility with django.contrib.auth where the user proprety is - set in the login and logout functions. - """ - self._user = value + """ + Sets the user on the current request. This is necessary to maintain + compatilbility with django.contrib.auth where the user proprety is + set in the login and logout functions. + """ + self._user = value @property def auth(self): @@ -206,6 +205,8 @@ class Request(object): Return the instance of the authentication instance class that was used to authenticate the request, or `None`. """ + if not hasattr(self, '_authenticator'): + self._authenticator, self._user, self._auth = self._authenticate() return self._authenticator def _load_data_and_files(self): -- cgit v1.2.3 From 9d3153ed04aed78a977e064d0715baaf178ff88a Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 14 Feb 2013 12:50:55 +0000 Subject: Fix broken clone_request --- rest_framework/request.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index 47c009b2..bde391f9 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -44,10 +44,11 @@ def clone_request(request, method): Internal helper method to clone a request, replacing with a different HTTP method. Used for checking permissions against other methods. """ - ret = Request(request._request, - request.parsers, - request.authenticators, - request.parser_context) + ret = Request(request=request._request, + parsers=request.parsers, + authenticators=request.authenticators, + negotiator=request.negotiator, + parser_context=request.parser_context) ret._data = request._data ret._files = request._files ret._content_type = request._content_type @@ -57,6 +58,8 @@ def clone_request(request, method): ret._user = request._user if hasattr(request, '_auth'): ret._auth = request._auth + if hasattr(request, '_authenticator'): + ret._authenticator = request._authenticator return ret -- cgit v1.2.3 From af686ec11a267183e84d8e59dca7d4ee1f05dedd Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 14 Feb 2013 13:02:28 +0000 Subject: request.DATA should use empty QueryDict for no data, not None. --- rest_framework/request.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index bde391f9..3e2fbd88 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -11,7 +11,9 @@ The wrapped request then offers a richer API, in particular : """ from __future__ import unicode_literals from django.conf import settings +from django.http import QueryDict from django.http.multipartparser import parse_header +from django.utils.datastructures import MultiValueDict from rest_framework import HTTP_HEADER_ENCODING from rest_framework import exceptions from rest_framework.compat import BytesIO @@ -297,7 +299,9 @@ class Request(object): media_type = self.content_type if stream is None or media_type is None: - return (None, None) + empty_data = QueryDict('', self._request._encoding) + empty_files = MultiValueDict() + return (empty_data, empty_files) parser = self.negotiator.select_parser(self, self.parsers) @@ -311,7 +315,8 @@ class Request(object): try: return (parsed.data, parsed.files) except AttributeError: - return (parsed, None) + empty_files = MultiValueDict() + return (parsed, empty_files) def _authenticate(self): """ -- cgit v1.2.3 From 9dccbcbb3800f83149edf08330f6926659bc5d73 Mon Sep 17 00:00:00 2001 From: Dave Kuhn Date: Sun, 3 Mar 2013 00:00:58 +1100 Subject: Support for X-HTTP-Method-Override header --- rest_framework/request.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index 3e2fbd88..4cdc8b73 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -231,9 +231,15 @@ class Request(object): """ self._content_type = self.META.get('HTTP_CONTENT_TYPE', self.META.get('CONTENT_TYPE', '')) + + # Look for method override in header + self._method = self.META.get('HTTP_X_HTTP_METHOD_OVERRIDE', None) + if self._method: + return + self._perform_form_overloading() # if the HTTP method was not overloaded, we take the raw HTTP method - if not _hasattr(self, '_method'): + if self._method: self._method = self._request.method def _load_stream(self): -- cgit v1.2.3 From 104614c600a391b2d416074f3929e543b86a8492 Mon Sep 17 00:00:00 2001 From: Dave Kuhn Date: Mon, 4 Mar 2013 07:14:38 +1100 Subject: Modified to allow form overloading to take precedence over header. --- rest_framework/request.py | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index 4cdc8b73..f26d934d 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -232,15 +232,12 @@ class Request(object): self._content_type = self.META.get('HTTP_CONTENT_TYPE', self.META.get('CONTENT_TYPE', '')) - # Look for method override in header - self._method = self.META.get('HTTP_X_HTTP_METHOD_OVERRIDE', None) - if self._method: - return - self._perform_form_overloading() - # if the HTTP method was not overloaded, we take the raw HTTP method - if self._method: - self._method = self._request.method + if not _hasattr(self, '_method'): + # Method wasn't overloaded by hidden form element, so look for + # method override in header. If not present default to raw HTTP method + self._method = self.META.get('HTTP_X_HTTP_METHOD_OVERRIDE', + self._request.method) def _load_stream(self): """ -- cgit v1.2.3 From 377dc2cda2c3a7aa02f5d761631f73c58745ed9d Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Mar 2013 20:49:20 +0000 Subject: Only honor X-HTTP-Method-Override for POST requests. --- rest_framework/request.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'rest_framework/request.py') diff --git a/rest_framework/request.py b/rest_framework/request.py index f26d934d..ffbbab33 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -233,11 +233,14 @@ class Request(object): self.META.get('CONTENT_TYPE', '')) self._perform_form_overloading() + if not _hasattr(self, '_method'): - # Method wasn't overloaded by hidden form element, so look for - # method override in header. If not present default to raw HTTP method - self._method = self.META.get('HTTP_X_HTTP_METHOD_OVERRIDE', - self._request.method) + self._method = self._request.method + + if self._method == 'POST': + # Allow X-HTTP-METHOD-OVERRIDE header + self._method = self.META.get('HTTP_X_HTTP_METHOD_OVERRIDE', + self._method) def _load_stream(self): """ -- cgit v1.2.3