diff --git a/.travis.yml b/.travis.yml
index b2b2652..55b18e0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,6 +5,8 @@ python:
 env:
 - DJANGO_VERSION=1.3
 - DJANGO_VERSION=1.4
+ - DJANGO_VERSION=1.5
+ - DJANGO_VERSION=1.6
 install:
 - pip install -q Django==$DJANGO_VERSION --use-mirrors
 - pip install -q -r requirements.txt --use-mirrors
diff --git a/README.md b/README.md
index 24b86b2..89e52de 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Django Rest Framework DigestAuth
-[![Build Status](https://travis-ci.org/juanriaza/django-rest-framework-digestauth.png?branch=master)](https://travis-ci.org/juanriaza/django-rest-framework-digestauth)
+[![Build Status](https://travis-ci.org/Multiposting/django-rest-framework-digestauth.png?branch=master)](https://travis-ci.org/juanriaza/django-rest-framework-digestauth)
diff --git a/rest_framework_digestauth/authentication.py b/rest_framework_digestauth/authentication.py
index 1ee0ed4..c9afa6c 100644
--- a/rest_framework_digestauth/authentication.py
+++ b/rest_framework_digestauth/authentication.py
@@ -29,12 +29,15 @@ class DigestAuthentication(BaseAuthentication):
 def authenticate(self, request):
 if 'HTTP_AUTHORIZATION' in request.META:
- self.parse_authorization_header(request.META['HTTP_AUTHORIZATION'])
- self.check_authorization_request_header()
- user = self.get_user()
- password = self.get_token(user)
- if self.check_digest_auth(request, password):
- return user, None
+ auth_header = request.META['HTTP_AUTHORIZATION']
+ if auth_header.startswith('Digest '):
+ auth_header = auth_header.replace('Digest ', '')
+ self.auth_header = parse_dict_header(auth_header)
+ self.check_authorization_request_header()
+ user = self.get_user()
+ password = self.get_token(user)
+ if self.check_digest_auth(request, password):
+ return user, None
 def authenticate_header(self, request):
 """
diff --git a/rest_framework_digestauth/tests.py b/rest_framework_digestauth/tests.py
index 7732376..9e2ecab 100644
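Review bot: `auth_header.replace('Digest ', '')` in `authenticate` removes every occurrence of `Digest ` in the header rather than only the scheme prefix, so a quoted parameter value that happens to contain that text (a realm or URI, for instance) is altered before `parse_dict_header` sees it, and the digest comparison would then fail for a legitimate client. Strip the prefix by position instead: `auth_header = auth_header[len('Digest '):]`. The `startswith('Digest ')` test is also case-sensitive, while HTTP authentication scheme names are case-insensitive, so a client sending `digest ...` is treated as if it had offered no credentials; comparing `auth_header[:7].lower() == 'digest '` would cover that. When `check_digest_auth` returns false the method still falls through and returns None; whether that helper raises on a mismatch is not visible in this hunk, so a short comment stating what a None return means here would help the next reader.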
--- a/rest_framework_digestauth/tests.py
+++ b/rest_framework_digestauth/tests.py
@@ -1,3 +1,4 @@
+import base64
 import os
 import time
 import hashlib
@@ -5,9 +6,10 @@
 from django.contrib.auth import get_user_model
 from django.test import Client, TestCase
-from rest_framework.tests.authentication import MockView
+from rest_framework.tests.test_authentication import MockView
 from rest_framework.authtoken.models import Token
 from rest_framework.compat import patterns
+from rest_framework import HTTP_HEADER_ENCODING
 from rest_framework_digestauth.authentication import DigestAuthentication
 from rest_framework_digestauth.utils import parse_dict_header
@@ -60,6 +62,14 @@ def md5_utf8(x):
 return 'Digest %s' % base
+def build_basic_header(username, password):
+ credentials = '%s:%s' % (username, password)
+ base64_credentials = base64.b64encode(
+ credentials.encode(HTTP_HEADER_ENCODING)
+ ).decode(HTTP_HEADER_ENCODING)
+ return 'Basic %s' % base64_credentials
+
+
 class DigestAuthTests(TestCase):
 """Digest Authentication"""
@@ -95,3 +105,14 @@ def test_access(self):
 {'example': 'example'},
 HTTP_AUTHORIZATION=auth)
 self.assertEqual(response.status_code, 200)
+
+ def test_basic_access(self):
+ """Test if a basic access attempt results in another 401."""
+
+ response = self.csrf_client.post('/digest-auth/',
+ {'example': 'example'})
+ auth = build_basic_header('john', 'abcd1234')
+ response = self.csrf_client.post('/digest-auth/',
+ {'example': 'example'},
+ HTTP_AUTHORIZATION=auth)
+ self.assertEqual(response.status_code, 401)
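Review bot: In `test_basic_access` the first, unauthenticated POST is assigned to `response` and then overwritten without any assertion, so the "another 401" in the docstring is only half checked. Add `self.assertEqual(response.status_code, 401)` directly after the first post. It would also be worth asserting that the reply to the Basic attempt still offers a Digest challenge, e.g. `self.assertTrue(response['WWW-Authenticate'].startswith('Digest '))`, assuming `authenticate_header` emits that scheme (its body is outside this diff). A further case that sends a `Digest` header whose quoted value contains the text `Digest ` would pin down the prefix handling added to `authenticate`.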