djangorestframework-api-key icon indicating copy to clipboard operation
djangorestframework-api-key copied to clipboard

Published 20 hours ago verified publisher icon florimondmanca

`KeyParser` should match `keyword` exactly

Open Kostia-K opened this issue 3 years ago • 0 comments

KeyParser matches if authentication scheme ends with the keyword. I suppose, this situation shouldn't come up in most use cases but this behaviour is surprising nonetheless. Example:

from rest_framework_api_key.permissions import KeyParser

class Request:
    pass

request = Request()
request.META = {"HTTP_AUTHORIZATION": "My-Special-Api-Key 123456789"}

# prints the key 123456789
print(KeyParser().get(request))

In comparison, Django Rest Framework TokenAuthentication matches the keyword exactly (case-insensitive): https://github.com/encode/django-rest-framework/blob/master/rest_framework/authentication.py#L177

Kostia-K avatar Jul 14 '22 00:07 Kostia-K