diff options
| author | Sébastien Piquemal | 2012-02-02 08:39:15 +0200 |
|---|---|---|
| committer | Sébastien Piquemal | 2012-02-02 08:39:15 +0200 |
| commit | 5f59d90645dfddc293bbbbc4ca9b4c3f3125b590 (patch) | |
| tree | aa3d091a1f61f5717f7f1a9e96334308bb13c7d9 /djangorestframework/authentication.py | |
| parent | 152c385f4de37558fe4e522abad5b97f0cf7ddce (diff) | |
| parent | 894f63259880252ed5317ce485eb13c4429b65c1 (diff) | |
| download | django-rest-framework-5f59d90645dfddc293bbbbc4ca9b4c3f3125b590.tar.bz2 | |
merged with trunk's master
Diffstat (limited to 'djangorestframework/authentication.py')
| -rw-r--r-- | djangorestframework/authentication.py | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/djangorestframework/authentication.py b/djangorestframework/authentication.py index 20a5f34a..f46a9c46 100644 --- a/djangorestframework/authentication.py +++ b/djangorestframework/authentication.py @@ -87,25 +87,12 @@ class UserLoggedInAuthentication(BaseAuthentication): Returns a :obj:`User` if the request session currently has a logged in user. Otherwise returns :const:`None`. """ - # TODO: Might be cleaner to switch this back to using request.POST, - # and let FormParser/MultiPartParser deal with the consequences. + self.view.DATA # Make sure our generic parsing runs first + if getattr(request, 'user', None) and request.user.is_active: # Enforce CSRF validation for session based authentication. - - # Temporarily replace request.POST with .DATA, to use our generic parsing. - # If DATA is not dict-like, use an empty dict. - if request.method.upper() == 'POST': - if hasattr(request.DATA, 'get'): - request._post = request.DATA - else: - request._post = {} - resp = CsrfViewMiddleware().process_view(request, None, (), {}) - # Replace request.POST - if request.method.upper() == 'POST': - del(request._post) - if resp is None: # csrf passed return request.user return None |