Add custom header in settings (jazzband#309)

dgmouris · web-flow · commit f511e0aeabc2 · 2020-10-05T20:12:58.000-04:00
diff --git a/docs/settings.rst b/docs/settings.rst
@@ -28,6 +28,7 @@ Some of Simple JWT's behavior can be customized through settings variables in
       'ISSUER': None,
 
       'AUTH_HEADER_TYPES': ('Bearer',),
+      'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
       'USER_ID_FIELD': 'id',
       'USER_ID_CLAIM': 'user_id',
 
@@ -155,6 +156,11 @@ tuple of possible header types (e.g. ``('Bearer', 'JWT')``).  If a list or
 tuple is used in this way, and authentication fails, the first item in the
 collection will be used to build the "WWW-Authenticate" header in the response.
 
+``AUTH_HEADER_NAME``
+----------------------------
+
+The authorization header name to be used for authentication. The default is ``HTTP_AUTHORIZATION`` which will accept the ``Authorization`` header in the request. For example if you'd like to use ``X_Access_Token`` in the header of your requests please specify the ``AUTH_HEADER_NAME`` to be ``HTTP_X_ACCESS_TOKEN`` in your settings.
+
 ``USER_ID_FIELD``
 -----------------
 
diff --git a/rest_framework_simplejwt/authentication.py b/rest_framework_simplejwt/authentication.py
@@ -47,7 +47,7 @@ def get_header(self, request):
         Extracts the header containing the JSON web token from the given
         request.
         """
-        header = request.META.get('HTTP_AUTHORIZATION')
+        header = request.META.get(api_settings.AUTH_HEADER_NAME)
 
         if isinstance(header, str):
             # Work around django test client oddness
diff --git a/rest_framework_simplejwt/settings.py b/rest_framework_simplejwt/settings.py
@@ -23,6 +23,7 @@
     'ISSUER': None,
 
     'AUTH_HEADER_TYPES': ('Bearer',),
+    'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
     'USER_ID_FIELD': 'id',
     'USER_ID_CLAIM': 'user_id',
     'USER_AUTHENTICATION_RULE': 'rest_framework_simplejwt.authentication.default_user_authentication_rule',
diff --git a/tests/test_authentication.py b/tests/test_authentication.py
@@ -40,6 +40,16 @@ def test_get_header(self):
         request = self.factory.get('/test-url/', HTTP_AUTHORIZATION=self.fake_header.decode('utf-8'))
         self.assertEqual(self.backend.get_header(request), self.fake_header)
 
+        # Should work with the x_access_token
+        with override_api_settings(AUTH_HEADER_NAME='HTTP_X_ACCESS_TOKEN'):
+            # Should pull correct header off request when using X_ACCESS_TOKEN
+            request = self.factory.get('/test-url/', HTTP_X_ACCESS_TOKEN=self.fake_header)
+            self.assertEqual(self.backend.get_header(request), self.fake_header)
+
+            # Should work for unicode headers when using
+            request = self.factory.get('/test-url/', HTTP_X_ACCESS_TOKEN=self.fake_header.decode('utf-8'))
+            self.assertEqual(self.backend.get_header(request), self.fake_header)
+
     def test_get_raw_token(self):
         # Should return None if header lacks correct type keyword
         with override_api_settings(AUTH_HEADER_TYPES='JWT'):
