Jesper Nøhr  committed abecaaa

only dispatching to anonymous handler is it wants the method. using AnonymousUser instead of False for failed auth

  • Participants
  • Parent commits ca203be
  • Branches default

Comments (0)

Files changed (3)

File piston/

 from django.http import HttpResponse, HttpResponseRedirect
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, AnonymousUser
 from django.contrib.auth.decorators import login_required
 from django.template import loader
 from django.conf import settings
         auth = auth.strip().decode('base64')
         (username, password) = auth.split(':', 1)
-        request.user = self.auth_func(username, password)
+        request.user = self.auth_func(username, password) or AnonymousUser()
-        return not request.user is False
+        return not request.user in (False, AnonymousUser())
     def challenge(self):
         resp = HttpResponse("Authorization Required")

File piston/

         NB: Sends a `Vary` header so we don't cache requests
         that are different (OAuth stuff in `Authorization` header.)
+        rm = request.method.upper()
         if not self.authentication.is_authenticated(request):
-            if hasattr(self.handler, 'anonymous') and callable(self.handler.anonymous):
+            if hasattr(self.handler, 'anonymous') and \
+                callable(self.handler.anonymous) and \
+                rm in self.handler.anonymous.allowed_methods:
                 handler = self.handler.anonymous()
                 anonymous = True
             handler = self.handler
             anonymous = handler.is_anonymous
-        rm = request.method.upper()
         # Django's internal mechanism doesn't pick up
         # PUT request, so we trick it a little here.
         if rm == "PUT":

File piston/

 from datetime import datetime, timedelta
-__version__ = '0.2'
+__version__ = '0.2.1'
 def get_version():
     return __version__