Implement setting for Auth header prefix #32

jpadilla · Aug 30, 2014 · 9e5f572 · 9e5f572
1 parent 345f571
commit 9e5f572
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -103,6 +103,8 @@ JWT_AUTH = {
 
     'JWT_ALLOW_REFRESH': False,
     'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),
+
+    'JWT_AUTH_HEADER_PREFIX': 'JWT',
 }
 ```
 This packages uses the JSON Web Token Python implementation, [PyJWT](https://github.com/progrium/pyjwt) and allows to modify some of it's available options.

diff --git a/rest_framework_jwt/authentication.py b/rest_framework_jwt/authentication.py
@@ -1,8 +1,8 @@
 import jwt
 from rest_framework import exceptions
+from rest_framework_jwt.settings import api_settings
 from rest_framework.authentication import (BaseAuthentication,
                                            get_authorization_header)
-from rest_framework_jwt.settings import api_settings
 
 try:
     from django.contrib.auth import get_user_model
@@ -33,15 +33,16 @@ def authenticate(self, request):
         supplied using JWT-based authentication.  Otherwise returns `None`.
         """
         auth = get_authorization_header(request).split()
+        jwt_auth_header_prefix = api_settings.JWT_AUTH_HEADER_PREFIX
 
-        if not auth or auth[0].lower() != b'jwt':
+        if not auth or auth[0].lower() != jwt_auth_header_prefix.lower():
             return None
 
         if len(auth) == 1:
-            msg = 'Invalid JWT header. No credentials provided.'
+            msg = 'Invalid Authorization header. No credentials provided.'
             raise exceptions.AuthenticationFailed(msg)
         elif len(auth) > 2:
-            msg = ('Invalid JWT header. Credentials string '
+            msg = ('Invalid Authorization header. Credentials string '
                    'should not contain spaces.')
             raise exceptions.AuthenticationFailed(msg)
 

diff --git a/rest_framework_jwt/settings.py b/rest_framework_jwt/settings.py
@@ -29,7 +29,7 @@
     'JWT_ALLOW_REFRESH': False,
     'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),
 
-    'JWT_AUTH_HEADER_PREFIX': 'JWT'
+    'JWT_AUTH_HEADER_PREFIX': 'JWT',
 }
 
 # List of settings that may be in string import notation.

diff --git a/tests/test_authentication.py b/tests/test_authentication.py
@@ -11,6 +11,7 @@
 from rest_framework.views import APIView
 
 from rest_framework_jwt import utils
+from rest_framework_jwt.settings import api_settings, DEFAULTS
 from rest_framework_jwt.authentication import JSONWebTokenAuthentication
 
 
@@ -56,7 +57,7 @@ def setUp(self):
 
     def test_post_form_passing_jwt_auth(self):
         """
-        Ensure POSTing json over JWT auth with correct credentials
+        Ensure POSTing form over JWT auth with correct credentials
         passes and does not require CSRF
         """
         payload = utils.jwt_payload_handler(self.user)
@@ -70,7 +71,7 @@ def test_post_form_passing_jwt_auth(self):
 
     def test_post_json_passing_jwt_auth(self):
         """
-        Ensure POSTing form over JWT auth with correct credentials
+        Ensure POSTing JSON over JWT auth with correct credentials
         passes and does not require CSRF
         """
         payload = utils.jwt_payload_handler(self.user)
@@ -108,7 +109,7 @@ def test_post_no_jwt_header_failing_jwt_auth(self):
             '/jwt/', {'example': 'example'},
             HTTP_AUTHORIZATION=auth, format='json')
 
-        msg = 'Invalid JWT header. No credentials provided.'
+        msg = 'Invalid Authorization header. No credentials provided.'
 
         self.assertEqual(response.data['detail'], msg)
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@@ -123,7 +124,7 @@ def test_post_invalid_jwt_header_failing_jwt_auth(self):
             '/jwt/', {'example': 'example'},
             HTTP_AUTHORIZATION=auth, format='json')
 
-        msg = ('Invalid JWT header. Credentials string '
+        msg = ('Invalid Authorization header. Credentials string '
                'should not contain spaces.')
 
         self.assertEqual(response.data['detail'], msg)
@@ -223,3 +224,23 @@ def test_post_form_passing_jwt_invalid_payload(self):
 
         self.assertEqual(response.data['detail'], msg)
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_different_auth_header_prefix(self):
+        """
+        Ensure using a different setting for `JWT_AUTH_HEADER_PREFIX` and
+        with correct credentials passes.
+        """
+        api_settings.JWT_AUTH_HEADER_PREFIX = 'Bearer'
+
+        payload = utils.jwt_payload_handler(self.user)
+        token = utils.jwt_encode_handler(payload)
+
+        auth = 'Bearer {0}'.format(token)
+        response = self.csrf_client.post(
+            '/jwt/', {'example': 'example'},
+            HTTP_AUTHORIZATION=auth, format='json')
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+        # Restore original settings
+        api_settings.JWT_AUTH_HEADER_PREFIX = DEFAULTS['JWT_AUTH_HEADER_PREFIX']