Lraucy/fix basic auth handling

.travis.yml

@@ -5,6 +5,8 @@ python:
 env:
   - DJANGO_VERSION=1.3
   - DJANGO_VERSION=1.4
+  - DJANGO_VERSION=1.5
+  - DJANGO_VERSION=1.6
 install:
   - pip install -q Django==$DJANGO_VERSION --use-mirrors
   - pip install -q -r requirements.txt --use-mirrors

README.md

@@ -1,6 +1,6 @@
 # Django Rest Framework DigestAuth
 
-[![Build Status](https://travis-ci.org/juanriaza/django-rest-framework-digestauth.png?branch=master)](https://travis-ci.org/juanriaza/django-rest-framework-digestauth)
+[![Build Status](https://travis-ci.org/Multiposting/django-rest-framework-digestauth.png?branch=master)](https://travis-ci.org/juanriaza/django-rest-framework-digestauth)
 
 
 

rest_framework_digestauth/authentication.py

@@ -29,12 +29,15 @@ class DigestAuthentication(BaseAuthentication):
 
     def authenticate(self, request):
         if 'HTTP_AUTHORIZATION' in request.META:
-            self.parse_authorization_header(request.META['HTTP_AUTHORIZATION'])
-            self.check_authorization_request_header()
-            user = self.get_user()
-            password = self.get_token(user)
-            if self.check_digest_auth(request, password):
-                return user, None
+            auth_header = request.META['HTTP_AUTHORIZATION']
+            if auth_header.startswith('Digest '):
+                auth_header = auth_header.replace('Digest ', '')
+                self.auth_header = parse_dict_header(auth_header)
+                self.check_authorization_request_header()
+                user = self.get_user()
+                password = self.get_token(user)
+                if self.check_digest_auth(request, password):
+                    return user, None
 
     def authenticate_header(self, request):
         """

rest_framework_digestauth/tests.py

@@ -1,13 +1,15 @@
+import base64
 import os
 import time
 import hashlib
 
 from django.contrib.auth import get_user_model
 from django.test import Client, TestCase
 
-from rest_framework.tests.authentication import MockView
+from rest_framework.tests.test_authentication import MockView
 from rest_framework.authtoken.models import Token
 from rest_framework.compat import patterns
+from rest_framework import HTTP_HEADER_ENCODING
 
 from rest_framework_digestauth.authentication import DigestAuthentication
 from rest_framework_digestauth.utils import parse_dict_header
@@ -60,6 +62,14 @@ def md5_utf8(x):
     return 'Digest %s' % base
 
 
+def build_basic_header(username, password):
+    credentials = '%s:%s' % (username, password)
+    base64_credentials = base64.b64encode(
+        credentials.encode(HTTP_HEADER_ENCODING)
+    ).decode(HTTP_HEADER_ENCODING)
+    return 'Basic %s' % base64_credentials
+
+
 class DigestAuthTests(TestCase):
     """Digest Authentication"""
 
@@ -95,3 +105,14 @@ def test_access(self):
                                          {'example': 'example'},
                                          HTTP_AUTHORIZATION=auth)
         self.assertEqual(response.status_code, 200)
+
+    def test_basic_access(self):
+        """Test if a basic access attempt results in another 401."""
+
+        response = self.csrf_client.post('/digest-auth/',
+                                         {'example': 'example'})
+        auth = build_basic_header('john', 'abcd1234')
+        response = self.csrf_client.post('/digest-auth/',
+                                         {'example': 'example'},
+                                         HTTP_AUTHORIZATION=auth)
+        self.assertEqual(response.status_code, 401)