Opened 3 years ago
Last modified 3 years ago
#33513 closed Bug
Custom authentication class: raising AuthenticationFailed leads to 403 — at Version 2
Reported by: | Aurel | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | 3.2 |
Severity: | Normal | Keywords: | authentication |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Hi,
I am writing a custom authentication class. I overwrite:
def authenticate(self, request):
If a user is not authenticated I do:
raise exceptions.AuthenticationFailed(_('Invalid token.'))
I expect that djano returns a 401. But django returns 403 like if I were in has_permission(). But I am in authenticate() for sure. And if in this methoid this exception is raised Django, sholuld return a 401!
My custom auth class inherits from BaseAuthentication:
from rest_framework.authentication import BaseAuthentication
Change History (2)
comment:1 by , 3 years ago
Description: | modified (diff) |
---|
comment:2 by , 3 years ago
Description: | modified (diff) |
---|