Improve django-rest-framework support #311

Closed
wants to merge 4 commits into from
Changes from 3 commits
1 change: 1 addition & 0 deletions AUTHORS
Expand Up @@ -14,3 +14,4 @@ Ash Christopher
Rodney Richardson
Hiroki Kiyohara
Diego Garcia
Pierre Dulac
1 change: 1 addition & 0 deletions docs/rest-framework/getting_started.rst
Expand Up @@ -104,6 +104,7 @@ Also add the following to your `settings.py` module:
OAUTH2_PROVIDER = {
# this is the list of available scopes
'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
'OAUTH2_BACKEND_CLASS': 'oauth2_provider.ext.rest_framework.oauth2_backends.OAuthLibCore',
}

REST_FRAMEWORK = {
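Review bot: the unchanged `'SCOPES': {...}` line directly above the added `'OAUTH2_BACKEND_CLASS'` entry has no trailing comma, so the snippet as documented is a Python syntax error when copied into `settings.py`. Add a comma after the `SCOPES` dict. Since the new backend's docstring says it only accepts credentials from the `Authorization` header and not from the request body, that restriction deserves a sentence in this guide next to the setting.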
13 changes: 10 additions & 3 deletions oauth2_provider/ext/rest_framework/authentication.py
@@ -1,4 +1,7 @@
from django.utils.translation import ugettext_lazy as _

from rest_framework.authentication import BaseAuthentication
from rest_framework import exceptions

from ...oauth2_backends import get_oauthlib_core

Expand All @@ -16,11 +19,15 @@ def authenticate(self, request):
"""
oauthlib_core = get_oauthlib_core()
valid, r = oauthlib_core.verify_request(request, scopes=[])
if valid:
return r.user, r.access_token
else:

if not valid:
return None

if not r.user.is_active:
raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))

return r.user, r.access_token

def authenticate_header(self, request):
"""
Bearer is the only finalized type currently
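Review bot: `if not r.user.is_active:` dereferences `r.user` without checking that it is set, so a request that validates with no user attached would raise `AttributeError` instead of producing a clean authentication result. Guard it, for example `if r.user is not None and not r.user.is_active:`, or state explicitly what a token without a user should return. The two failure paths also differ: an invalid token returns `None`, while an inactive user raises `AuthenticationFailed`; a test for the inactive-user path would pin that behaviour down.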
19 changes: 19 additions & 0 deletions oauth2_provider/ext/rest_framework/oauth2_backends.py
@@ -0,0 +1,19 @@
from rest_framework.request import Request
from oauth2_provider import oauth2_backends


class OAuthLibCore(oauth2_backends.OAuthLibCore):
"""Backend for Django Rest Framework"""

def extract_body(self, request):
"""
We can read only once the body in Django,
so in case of DRF we avoid to read it before the framework does.
This use case often happen during multipart form requests.

NB: it forces you to use the `Authorization` request header
for authentication and not pass the credentials in the request body
"""
if isinstance(request, Request):
return request.data.items()

This would fail once you start using any permission classes like TokenReadWriteScope and so on. The problem is that these perm classes will access this method and will fail if request.data is not a dictionary :) Imagine a request with a JSON list payload.

P.S. DRF 2.x should be supported, where .data is not available.

return super(OAuthLibCore, self).extract_body(request)
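Review bot: `return request.data.items()` assumes `request.data` exists and is a mapping; a parsed body that is a list has no `.items()`, so this branch raises from the authentication or permission path. Check for a mapping first (for example `hasattr(request.data, 'items')`) and return an empty list otherwise. The docstring says the goal is to avoid reading the body before the framework does, yet accessing `request.data` here is what makes DRF parse the body at this point, so say which behaviour is intended and tidy the wording ("we avoid reading it", "often happens").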