`KeyParser` should match `keyword` exactly
Closed this issue · 1 comments
Kostia-K commented
KeyParser
matches if authentication scheme ends with the keyword. I suppose, this situation shouldn't come up in most use cases but this behaviour is surprising nonetheless. Example:
from rest_framework_api_key.permissions import KeyParser
class Request:
pass
request = Request()
request.META = {"HTTP_AUTHORIZATION": "My-Special-Api-Key 123456789"}
# prints the key 123456789
print(KeyParser().get(request))
In comparison, Django Rest Framework TokenAuthentication
matches the keyword exactly (case-insensitive): https://github.com/encode/django-rest-framework/blob/master/rest_framework/authentication.py#L177
florimondmanca commented
That sounds inappropriate, yup. Marked this as a bug. Anyone up for digging into this, much welcome!