Opened 3 years ago
Last modified 3 years ago
#33513 closed Bug
Custom authentication class: raising AuthenticationFailed leads to 403 — at Initial Version
Reported by: | Aurel | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | 3.2 |
Severity: | Normal | Keywords: | authentication |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Hi,
I am writing a custom authentication class. I overwrite:
def authenticate(self, request):
If a user is not authenticated I do:
raise exceptions.AuthenticationFailed(_('Invalid token.'))
I expect that djano returns a 401. But django returns 403 like i were in has_permission(). But I am in authenticate() for sure and if there this exception is raised Django shaluld return a 401!
My custom auth class inherits from BaseAuthentication:
from rest_framework.authentication import BaseAuthentication