Don't trim whitespace from authtoken passwords

* Fixes #5148

Don't trim whitespace from authtoken passwords
* Fixes #5148
c9c383df · Thomas Achtemichuk · 1ca5a9d0 · c9c383df · c9c383df
Unverified Commit c9c383df authored May 17, 2017 by Thomas Achtemichuk
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletions

rest_framework/authtoken/serializers.py
+2 -1

tests/test_authtoken.py
+6 -0

No files found.
--- a/rest_framework/authtoken/serializers.py
+++ b/rest_framework/authtoken/serializers.py
@@ -6,7 +6,8 @@ from rest_framework import serializers

 class AuthTokenSerializer(serializers.Serializer):
    username = serializers.CharField(label=_("Username"))
-    password = serializers.CharField(label=_("Password"), style={'input_type': 'password'})
+    password = serializers.CharField(label=_("Password"),
+        style={'input_type': 'password'}, trim_whitespace=False)

    def validate(self, attrs):
        username = attrs.get('username')

--- a/tests/test_authtoken.py
+++ b/tests/test_authtoken.py
@@ -27,3 +27,9 @@ class AuthTokenTests(TestCase):
    def test_validate_raise_error_if_no_credentials_provided(self):
        with pytest.raises(ValidationError):
            AuthTokenSerializer().validate({})
+
+    def test_whitespace_in_password(self):
+        data = {'username': self.user.username, 'password': 'test pass '}
+        self.user.set_password(data['password'])
+        self.user.save()
+        assert AuthTokenSerializer(data=data).is_valid()