Skip to content

D
django-rest-framework
Commit c911d54a by Tom Christie
Options

Reverted #458 

When incorrect parameters are supplied to the obtain auth token view
400 *is* the correct response.
parent 303bc7cf
Showing with 11 additions and 10 deletions
rest_framework/authtoken/serializers.py
from django.contrib.auth import authenticate from django.contrib.auth import authenticate
from rest_framework import serializers from rest_framework import serializers
class AuthTokenSerializer(serializers.Serializer): class AuthTokenSerializer(serializers.Serializer):
username = serializers.CharField() username = serializers.CharField()
password = serializers.CharField() password = serializers.CharField()
...@@ -21,4 +22,3 @@ class AuthTokenSerializer(serializers.Serializer): ...@@ -21,4 +22,3 @@ class AuthTokenSerializer(serializers.Serializer):
raise serializers.ValidationError('Unable to login with provided credentials.') raise serializers.ValidationError('Unable to login with provided credentials.')
else: else:
raise serializers.ValidationError('Must include "username" and "password"') raise serializers.ValidationError('Must include "username" and "password"')
rest_framework/authtoken/views.py
...@@ -6,6 +6,7 @@ from rest_framework.response import Response ...@@ -6,6 +6,7 @@ from rest_framework.response import Response
from rest_framework.authtoken.models import Token from rest_framework.authtoken.models import Token
from rest_framework.authtoken.serializers import AuthTokenSerializer from rest_framework.authtoken.serializers import AuthTokenSerializer
class ObtainAuthToken(APIView): class ObtainAuthToken(APIView):
throttle_classes = () throttle_classes = ()
permission_classes = () permission_classes = ()
...@@ -18,7 +19,7 @@ class ObtainAuthToken(APIView): ...@@ -18,7 +19,7 @@ class ObtainAuthToken(APIView):
if serializer.is_valid(): if serializer.is_valid():
token, created = Token.objects.get_or_create(user=serializer.object['user']) token, created = Token.objects.get_or_create(user=serializer.object['user'])
return Response({'token': token.key}) return Response({'token': token.key})
return Response(serializer.errors, status=status.HTTP_401_UNAUTHORIZED) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
obtain_auth_token = ObtainAuthToken.as_view() obtain_auth_token = ObtainAuthToken.as_view()
rest_framework/tests/authentication.py
from django.conf.urls.defaults import patterns, include from django.conf.urls.defaults import patterns
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.test import Client, TestCase from django.test import Client, TestCase
...@@ -27,7 +27,7 @@ MockView.authentication_classes += (TokenAuthentication,) ...@@ -27,7 +27,7 @@ MockView.authentication_classes += (TokenAuthentication,)
urlpatterns = patterns('', urlpatterns = patterns('',
(r'^$', MockView.as_view()), (r'^$', MockView.as_view()),
(r'^auth-token/', 'rest_framework.authtoken.views.obtain_auth_token'), (r'^auth-token/$', 'rest_framework.authtoken.views.obtain_auth_token'),
) )
...@@ -157,7 +157,7 @@ class TokenAuthTests(TestCase): ...@@ -157,7 +157,7 @@ class TokenAuthTests(TestCase):
def test_token_login_json(self): def test_token_login_json(self):
"""Ensure token login view using JSON POST works.""" """Ensure token login view using JSON POST works."""
client = Client(enforce_csrf_checks=True) client = Client(enforce_csrf_checks=True)
response = client.post('/auth-token/login/', response = client.post('/auth-token/',
json.dumps({'username': self.username, 'password': self.password}), 'application/json') json.dumps({'username': self.username, 'password': self.password}), 'application/json')
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(json.loads(response.content)['token'], self.key) self.assertEqual(json.loads(response.content)['token'], self.key)
...@@ -165,21 +165,21 @@ class TokenAuthTests(TestCase): ...@@ -165,21 +165,21 @@ class TokenAuthTests(TestCase):
def test_token_login_json_bad_creds(self): def test_token_login_json_bad_creds(self):
"""Ensure token login view using JSON POST fails if bad credentials are used.""" """Ensure token login view using JSON POST fails if bad credentials are used."""
client = Client(enforce_csrf_checks=True) client = Client(enforce_csrf_checks=True)
response = client.post('/auth-token/login/', response = client.post('/auth-token/',
json.dumps({'username': self.username, 'password': "badpass"}), 'application/json') json.dumps({'username': self.username, 'password': "badpass"}), 'application/json')
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 400)
def test_token_login_json_missing_fields(self): def test_token_login_json_missing_fields(self):
"""Ensure token login view using JSON POST fails if missing fields.""" """Ensure token login view using JSON POST fails if missing fields."""
client = Client(enforce_csrf_checks=True) client = Client(enforce_csrf_checks=True)
response = client.post('/auth-token/login/', response = client.post('/auth-token/',
json.dumps({'username': self.username}), 'application/json') json.dumps({'username': self.username}), 'application/json')
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 400)
def test_token_login_form(self): def test_token_login_form(self):
"""Ensure token login view using form POST works.""" """Ensure token login view using form POST works."""
client = Client(enforce_csrf_checks=True) client = Client(enforce_csrf_checks=True)
response = client.post('/auth-token/login/', response = client.post('/auth-token/',
{'username': self.username, 'password': self.password}) {'username': self.username, 'password': self.password})
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(json.loads(response.content)['token'], self.key) self.assertEqual(json.loads(response.content)['token'], self.key)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment