| author | Sébastien Piquemal | 2012-01-31 23:21:55 +0200 |
|---|---|---|
| committer | Sébastien Piquemal | 2012-01-31 23:21:55 +0200 |
| commit | 279fa0d371b73974b87267edabe2a4f76a198ebb (patch) | |
| tree | 28b3a7aa6d489ad1e93acb14c3e890c8733f85cf /djangorestframework/authentication.py | |
| parent | 152c385f4de37558fe4e522abad5b97f0cf7ddce (diff) | |
| parent | b2fcfffb3bdaed89d39ee563c58dc0ede5e857ac (diff) | |
| download | django-rest-framework-279fa0d371b73974b87267edabe2a4f76a198ebb.tar.bz2 | |
merge
Diffstat (limited to 'djangorestframework/authentication.py')
| -rw-r--r-- | djangorestframework/authentication.py | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/djangorestframework/authentication.py b/djangorestframework/authentication.py index 20a5f34a..e326c15a 100644 --- a/djangorestframework/authentication.py +++ b/djangorestframework/authentication.py @@ -87,25 +87,12 @@ class UserLoggedInAuthentication(BaseAuthentication): Returns a :obj:`User` if the request session currently has a logged in user. Otherwise returns :const:`None`. """ - # TODO: Might be cleaner to switch this back to using request.POST, - # and let FormParser/MultiPartParser deal with the consequences. + request.DATA # Make sure our generic parsing runs first + if getattr(request, 'user', None) and request.user.is_active: # Enforce CSRF validation for session based authentication. - - # Temporarily replace request.POST with .DATA, to use our generic parsing. - # If DATA is not dict-like, use an empty dict. - if request.method.upper() == 'POST': - if hasattr(request.DATA, 'get'): - request._post = request.DATA - else: - request._post = {} - resp = CsrfViewMiddleware().process_view(request, None, (), {}) - # Replace request.POST - if request.method.upper() == 'POST': - del(request._post) - if resp is None: # csrf passed return request.user return None |
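Review bot: The bare `request.DATA` statement added at the top of the method body works only through the property's side effect, and it now runs for every request and method, before the `request.user` check, whereas the removed code touched `.DATA` only on POST from an active user. If parsing can raise on a malformed or unsupported body (not visible in this hunk), that exception would leave `authenticate()` before any authentication decision is made, so it is worth confirming the caller handles it. With the `request._post` swap gone, `CsrfViewMiddleware` presumably reads the token from Django's own `request.POST` or the `X-CSRFToken` header, so a token carried only in a non-form body would no longer be seen; a test for a JSON POST under session authentication would pin that behaviour down. I would expand the inline comment to something like `# Touch .DATA so our parsers consume the body before CsrfViewMiddleware reads request.POST`, so the statement is not later removed as a no-op. The method's signature and the start of its docstring lie outside the hunk.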
