Commit 2596c12a by Tom Christie

Fixes for auth header checking.

parent 1016c14a
...@@ -63,7 +63,8 @@ class BasicAuthentication(BaseAuthentication): ...@@ -63,7 +63,8 @@ class BasicAuthentication(BaseAuthentication):
if len(auth) == 1: if len(auth) == 1:
msg = 'Invalid basic header. No credentials provided.' msg = 'Invalid basic header. No credentials provided.'
if len(auth) > 2: raise exceptions.AuthenticationFailed(msg)
elif len(auth) > 2:
msg = 'Invalid basic header. Credentials string should not contain spaces.' msg = 'Invalid basic header. Credentials string should not contain spaces.'
raise exceptions.AuthenticationFailed(msg) raise exceptions.AuthenticationFailed(msg)
...@@ -144,12 +145,13 @@ class TokenAuthentication(BaseAuthentication): ...@@ -144,12 +145,13 @@ class TokenAuthentication(BaseAuthentication):
def authenticate(self, request): def authenticate(self, request):
auth = get_authorization_header(request).split() auth = get_authorization_header(request).split()
if not auth or auth[0].lower() != "token": if not auth or auth[0].lower() != b'token':
return None return None
if len(auth) == 1: if len(auth) == 1:
msg = 'Invalid token header. No credentials provided.' msg = 'Invalid token header. No credentials provided.'
if len(auth) > 2: raise exceptions.AuthenticationFailed(msg)
elif len(auth) > 2:
msg = 'Invalid token header. Token string should not contain spaces.' msg = 'Invalid token header. Token string should not contain spaces.'
raise exceptions.AuthenticationFailed(msg) raise exceptions.AuthenticationFailed(msg)
...@@ -293,12 +295,13 @@ class OAuth2Authentication(BaseAuthentication): ...@@ -293,12 +295,13 @@ class OAuth2Authentication(BaseAuthentication):
auth = get_authorization_header(request).split() auth = get_authorization_header(request).split()
if not auth or auth[0].lower() != 'bearer': if not auth or auth[0].lower() != b'bearer':
return None return None
if len(auth) == 1: if len(auth) == 1:
msg = 'Invalid bearer header. No credentials provided.' msg = 'Invalid bearer header. No credentials provided.'
if len(auth) > 2: raise exceptions.AuthenticationFailed(msg)
elif len(auth) > 2:
msg = 'Invalid bearer header. Token string should not contain spaces.' msg = 'Invalid bearer header. Token string should not contain spaces.'
raise exceptions.AuthenticationFailed(msg) raise exceptions.AuthenticationFailed(msg)
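Review bot: The credential in `auth[1]` is presumably still a byte string now that the TokenAuthentication and OAuth2Authentication hunks compare the scheme against `b'token'` / `b'bearer'`, and nothing visible decodes it; the code that consumes it lies outside these hunks. If it is used undecoded, or decoded without catching `UnicodeError`, a header carrying non-ASCII bytes could surface as a server error instead of an authentication failure, so it is worth confirming that the decode sits in a `try` that raises `exceptions.AuthenticationFailed`. The new comparisons also depend on `get_authorization_header` always returning bytes, which deserves a comment such as `# get_authorization_header() returns bytes, so compare against a bytes literal`. The only test change visible on this page alters quoting, so the newly raised 'No credentials provided.' branch appears to have no regression test; a case sending just the scheme word with no key and asserting the failure response would pin it for all three classes.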
......
...@@ -159,7 +159,7 @@ class TokenAuthTests(TestCase): ...@@ -159,7 +159,7 @@ class TokenAuthTests(TestCase):
def test_post_form_passing_token_auth(self): def test_post_form_passing_token_auth(self):
"""Ensure POSTing json over token auth with correct credentials passes and does not require CSRF""" """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF"""
auth = "Token " + self.key auth = 'Token ' + self.key
response = self.csrf_client.post('/token/', {'example': 'example'}, HTTP_AUTHORIZATION=auth) response = self.csrf_client.post('/token/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.status_code, status.HTTP_200_OK)
......