You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This caused me an issue because I have subclasses OAuth2Authentication and to override authenticate. Of course I did not know of this "side effect" and a lot of tests started to fail on my project. Was quite hard to debug.
Granted it's odd that we override this class, we have legacy reasons to do so. I think the authenticate_header method should be more relaxed and look like
if hasattr(request, 'oauth2_error'):
www_authenticate_attributes.update(request.oauth2_error)
What do you think?
The text was updated successfully, but these errors were encountered:
gbataille
changed the title
Undocumented (error prone) django-rest-framework contrib API
Undocumented (error prone) django-rest-framework authentication side-effect
Aug 15, 2018
* Use getattr for oauth2_error access (#633)
If the request doesn't have a oauth2_error property the
authenticate_header method errors. This can happen when the
oauthlib_core.verify_request method raises exceptions in authenticate.
It is useful to be able to raise AuthenticationFailed exceptions from
within a custom validate_bearer_token method which causes this.
* Add Test OAuth2Authentication authenticate override
Added a test for if an authenticate method that returns
None is used. This should result in a HTTP 401 response
for any request.
Hello,
In here https://github.com/jazzband/django-oauth-toolkit/blob/master/oauth2_provider/contrib/rest_framework/authentication.py, the
authenticate
method has a hidden that effect. On authentication error, it sets aoauth2_error
attribute on the request and thenauthenticate_header
assumes it's there.This caused me an issue because I have subclasses
OAuth2Authentication
and to overrideauthenticate
. Of course I did not know of this "side effect" and a lot of tests started to fail on my project. Was quite hard to debug.Granted it's odd that we override this class, we have legacy reasons to do so. I think the
authenticate_header
method should be more relaxed and look likeWhat do you think?
The text was updated successfully, but these errors were encountered: