
fix(dyn): align authentication scheme behavior for invalid usernames

In #132, we discussed that logins with valid token and invalid domain
username should trigger 404, not 401. This was only applied to
URLParamAuthentication, and is now also applied to
BasicTokenAuthentication.

Partially reverts beb085cf75579953cbf97b1b7e9679c050321484
Peter Thomassen 6 年之前
当前提交
1cb8633c67
共有 2 个文件被更改,包括 2 次插入8 次删除
  1. 1 7
      api/desecapi/authentication.py
  2. 1 1
      api/desecapi/tests/testdyndns12update.py

+ 1 - 7
api/desecapi/authentication.py

@@ -2,7 +2,7 @@ from __future__ import unicode_literals
 import base64
 from rest_framework import exceptions, HTTP_HEADER_ENCODING
 from rest_framework.authentication import BaseAuthentication, get_authorization_header, authenticate
-from desecapi.models import Domain, Token
+from desecapi.models import Token
 from rest_framework.authentication import TokenAuthentication as RestFrameworkTokenAuthentication
 
 
@@ -55,12 +55,6 @@ class BasicTokenAuthentication(BaseAuthentication):
         if not token.user.is_active:
             raise exceptions.AuthenticationFailed(invalid_token_message)
 
-        if user:
-            try:
-                Domain.objects.get(owner=token.user.pk, name=user)
-            except:
-                raise exceptions.AuthenticationFailed('Invalid username')
-
         return token.user, token
 
     def authenticate_header(self, request):

+ 1 - 1
api/desecapi/tests/testdyndns12update.py

@@ -182,7 +182,7 @@ class DynDNS12UpdateTest(APITestCase):
         self.client.credentials(HTTP_AUTHORIZATION='Basic ' + base64.b64encode((self.username + '.invalid:' + self.password).encode()).decode())
         url = reverse('dyndns12update')
         response = self.client.get(url, REMOTE_ADDR='10.5.5.5')
-        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
 
     def testIdentificationByTokenWithEmptyUser(self):
         self.client.credentials(HTTP_AUTHORIZATION='Basic ' + base64.b64encode((':' + self.password).encode()).decode())
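Review bot: The updated assertion only covers a username that matches no domain at all (`self.username + '.invalid'`), so nothing here pins the case the removed lookup in `BasicTokenAuthentication` guarded: a valid token sent with a domain name that belongs to a different account. That lookup was scoped with `owner=token.user.pk`; with it gone the authenticator accepts any Basic username, so owner scoping presumably rests entirely on the view behind `dyndns12update`, which this commit does not show. I would add a sibling test that creates a domain for a second user, sends the first user's token with that domain as the username, and asserts `status.HTTP_404_NOT_FOUND` and that the second user's records are unchanged. A short comment above the assertion, e.g. `# unknown or foreign domain: 404, not 401 (see #132)`, would record why the expected status changed. The test class starts and continues outside this hunk.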