Skip to content

D
django-rest-framework
Commit c449dd4f by Pierre Dulac
Options

Properly fail to wrong Authorization token type

parent 8809c46a
Showing with 1 additions and 3 deletions
rest_framework/authentication.py
...@@ -176,7 +176,7 @@ class OAuth2Authentication(BaseAuthentication): ...@@ -176,7 +176,7 @@ class OAuth2Authentication(BaseAuthentication):
""" """
auth = request.META.get('HTTP_AUTHORIZATION', '').split() auth = request.META.get('HTTP_AUTHORIZATION', '').split()
if not auth or auth[0].lower() != "bearer": if not auth or auth[0].lower() != "bearer":
return None raise exceptions.AuthenticationFailed('Invalid Authorization token type')
if len(auth) != 2: if len(auth) != 2:
raise exceptions.AuthenticationFailed('Invalid token header') raise exceptions.AuthenticationFailed('Invalid token header')
...@@ -212,8 +212,6 @@ class OAuth2Authentication(BaseAuthentication): ...@@ -212,8 +212,6 @@ class OAuth2Authentication(BaseAuthentication):
raise exceptions.AuthenticationFailed( raise exceptions.AuthenticationFailed(
'You are not allowed to access this resource.') 'You are not allowed to access this resource.')
return None
def authenticate_header(self, request): def authenticate_header(self, request):
""" """
Bearer is the only finalized type currently Bearer is the only finalized type currently
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment