diff options
| author | Tom Christie | 2011-04-04 09:19:49 +0100 |
|---|---|---|
| committer | Tom Christie | 2011-04-04 09:19:49 +0100 |
| commit | 5e2e2f14229577b6294bafbd9b420b2a6deeb6f0 (patch) | |
| tree | fec8cb2f21fd9faa78a9f6bcfcb223f3d54d77e6 | |
| parent | 3cdb4e26486e93a22231a7224a31f1490554a00c (diff) | |
| download | django-rest-framework-5e2e2f14229577b6294bafbd9b420b2a6deeb6f0.tar.bz2 | |
Turn streaming request parsing back on for 1.3. Fix CSRF which was breaking it. It's really not at all obvious if we need to byte limit the stream that we hand over or not.
| -rw-r--r-- | djangorestframework/authenticators.py | 5 | ||||
| -rw-r--r-- | djangorestframework/request.py | 39 |
2 files changed, 33 insertions, 11 deletions
diff --git a/djangorestframework/authenticators.py b/djangorestframework/authenticators.py index 29875c64..ce7abd10 100644 --- a/djangorestframework/authenticators.py +++ b/djangorestframework/authenticators.py @@ -71,8 +71,11 @@ class BasicAuthenticator(BaseAuthenticator): class UserLoggedInAuthenticator(BaseAuthenticator): """Use Djagno's built-in request session for authentication.""" def authenticate(self, request): - if getattr(request, 'user', None) and request.user.is_active: + if getattr(request, 'user', None) and request.user.is_active: + # Temporarily request.POST with .RAW_CONTENT, so that we use our more generic request parsing + request._post = self.mixin.RAW_CONTENT resp = CsrfViewMiddleware().process_view(request, None, (), {}) + del(request._post) if resp is None: # csrf passed return request.user return None diff --git a/djangorestframework/request.py b/djangorestframework/request.py index 5da679ef..02692e6b 100644 --- a/djangorestframework/request.py +++ b/djangorestframework/request.py @@ -67,16 +67,35 @@ class RequestMixin(object): """ if not hasattr(self, '_stream'): request = self.request - # We ought to be able to return a stream rather than reading the stream. - # Not quite working just yet... - #if hasattr(request, 'read'): - # try: - # content_length = int(request.META.get('CONTENT_LENGTH',0)) - # except (ValueError, TypeError): - # content_length = 0 - # self._stream = LimitBytes(request, content_length) - #else: - self._stream = StringIO(request.raw_post_data) + + if hasattr(request, 'read'): + # It's not at all clear if this needs to be byte limited or not. + # Maybe I'm just being dumb but it looks to me like there's some issues + # with that in Django. + # + # Either: + # 1. It *can't* be treated as a limited byte stream, and you _do_ need to + # respect CONTENT_LENGTH, in which case that ought to be documented, + # and there probably ought to be a feature request for it to be + # treated as a limited byte stream. + # 2. It *can* be treated as a limited byte stream, in which case there's a + # minor bug in the test client, and potentially some redundant + # code in MultipartParser. + # + # It's an issue because it affects if you can pass a request off to code that + # does something like: + # + # while stream.read(BUFFER_SIZE): + # [do stuff] + # + #try: + # content_length = int(request.META.get('CONTENT_LENGTH',0)) + #except (ValueError, TypeError): + # content_length = 0 + # self._stream = LimitedStream(request, content_length) + self._stream = request + else: + self._stream = StringIO(request.raw_post_data) return self._stream |