Don't trim whitespace from authtoken passwords

tomchuk · tomchuk · commit c9c383dfad54 · 2017-05-17T14:52:39.000-04:00
* Fixes encode#5148
diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py
@@ -6,7 +6,8 @@
 
 class AuthTokenSerializer(serializers.Serializer):
     username = serializers.CharField(label=_("Username"))
-    password = serializers.CharField(label=_("Password"), style={'input_type': 'password'})
+    password = serializers.CharField(label=_("Password"),
+        style={'input_type': 'password'}, trim_whitespace=False)
 
     def validate(self, attrs):
         username = attrs.get('username')
diff --git a/tests/test_authtoken.py b/tests/test_authtoken.py
@@ -27,3 +27,9 @@ def test_token_string_representation(self):
     def test_validate_raise_error_if_no_credentials_provided(self):
         with pytest.raises(ValidationError):
             AuthTokenSerializer().validate({})
+
+    def test_whitespace_in_password(self):
+        data = {'username': self.user.username, 'password': 'test pass '}
+        self.user.set_password(data['password'])
+        self.user.save()
+        assert AuthTokenSerializer(data=data).is_valid()
