authentication refactor : request.user + tests pass

1 files changed, 38 insertions, 3 deletions

diff --git a/djangorestframework/request.py b/djangorestframework/request.py
index e8f2b8c3..964231ba 100644
--- a/djangorestframework/request.py
+++ b/djangorestframework/request.py
@@ -8,14 +8,15 @@ The wrapped request then offers a richer API, in particular :
     - full support of PUT method, including support for file uploads
     - form overloading of HTTP method, content type and content
 """
+from StringIO import StringIO
+
+from django.contrib.auth.models import AnonymousUser
 
 from djangorestframework.response import ImmediateResponse
 from djangorestframework import status
 from djangorestframework.utils.mediatypes import is_form_media_type
 from djangorestframework.utils import as_tuple
 
-from StringIO import StringIO
-
 
 __all__ = ('Request',)
 
@@ -27,6 +28,7 @@ class Request(object):
     Kwargs:
         - request(HttpRequest). The original request instance.
         - parsers(list/tuple). The parsers to use for parsing the request content.
+        - authentications(list/tuple). The authentications used to try authenticating the request's user.
     """
 
     _USE_FORM_OVERLOADING = True
@@ -34,10 +36,12 @@ class Request(object):
     _CONTENTTYPE_PARAM = '_content_type'
     _CONTENT_PARAM = '_content'
 
-    def __init__(self, request=None, parsers=None):
+    def __init__(self, request, parsers=None, authentications=None):
         self.request = request
         if parsers is not None:
             self.parsers = parsers
+        if authentications is not None:
+            self.authentications = authentications
 
     @property
     def method(self):
@@ -87,6 +91,16 @@ class Request(object):
             self._load_data_and_files()
         return self._files
 
+    @property
+    def user(self):
+        """
+        Returns the :obj:`user` for the current request, authenticated 
+        with the set of :class:`authentication` instances applied to the :class:`Request`.
+        """
+        if not hasattr(self, '_user'):
+            self._user = self._authenticate()
+        return self._user
+
     def _load_data_and_files(self):
         """
         Parses the request content into self.DATA and self.FILES.
@@ -192,6 +206,27 @@ class Request(object):
 
     parsers = property(_get_parsers, _set_parsers)
 
+    def _authenticate(self):
+        """
+        Attempt to authenticate the request using each authentication instance in turn.
+        Returns a ``User`` object, which may be ``AnonymousUser``.
+        """
+        for authentication in self.authentications:
+            user = authentication.authenticate(self)
+            if user:
+                return user
+        return AnonymousUser()
+
+    def _get_authentications(self):
+        if hasattr(self, '_authentications'):
+            return self._authentications
+        return ()
+
+    def _set_authentications(self, value):
+        self._authentications = value
+
+    authentications = property(_get_authentications, _set_authentications)
+
     def __getattr__(self, name):
         """
         When an attribute is not present on the calling instance, try to get it