Opened 3 years ago
Last modified 3 years ago
#33513 closed Bug
Custom authentication class: raising AuthenticationFailed leads to 403 — at Version 1
| Reported by: | Aurel | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | 3.2 |
| Severity: | Normal | Keywords: | authentication |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Hi,
I am writing a custom authentication class. I overwrite:
def authenticate(self, request):
If a user is not authenticated I do:
raise exceptions.AuthenticationFailed(_('Invalid token.'))
I expect that djano returns a 401. But django returns 403 like if I were in has_permission(). But I am in authenticate() for sure and if there this exception is raised Django, sholuld return a 401!
My custom auth class inherits from BaseAuthentication:
from rest_framework.authentication import BaseAuthentication
Note:
See TracTickets
for help on using tickets.