| author | Tom Christie | 2012-01-24 19:26:37 +0000 |
|---|---|---|
| committer | Tom Christie | 2012-01-24 19:26:37 +0000 |
| commit | 1d9f24f60d1348c53e9a88cb605c7890b6c40146 (patch) | |
| tree | a5b33d618421710a94b53a8a4656df86c9f9046e /djangorestframework | |
| parent | 863bbe7684c44921b779a69c6b4c2ff16a223bd8 (diff) | |
| download | django-rest-framework-1d9f24f60d1348c53e9a88cb605c7890b6c40146.tar.bz2 | |
Fix UserLoggedInAuthentication for POST requests.
Fixes #78.
Diffstat (limited to 'djangorestframework')
| -rw-r--r-- | djangorestframework/authentication.py | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/djangorestframework/authentication.py b/djangorestframework/authentication.py
index b61af32a..f46a9c46 100644
--- a/djangorestframework/authentication.py
+++ b/djangorestframework/authentication.py
@@ -87,25 +87,12 @@ class UserLoggedInAuthentication(BaseAuthentication):
 Returns a :obj:`User` if the request session currently has a logged in user.
 Otherwise returns :const:`None`.
 """
- # TODO: Might be cleaner to switch this back to using request.POST,
- # and let FormParser/MultiPartParser deal with the consequences.
+ self.view.DATA # Make sure our generic parsing runs first
+
 if getattr(request, 'user', None) and request.user.is_active:
 # Enforce CSRF validation for session based authentication.
-
- # Temporarily replace request.POST with .DATA, to use our generic parsing.
- # If DATA is not dict-like, use an empty dict.
- if request.method.upper() == 'POST':
- if hasattr(self.view.DATA, 'get'):
- request._post = self.view.DATA
- else:
- request._post = {}
-
 resp = CsrfViewMiddleware().process_view(request, None, (), {})
- # Replace request.POST
- if request.method.upper() == 'POST':
- del(request._post)
-
 if resp is None: # csrf passed
 return request.user
 return None
|
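Review bot: The added statement `self.view.DATA` is a bare attribute access kept only for its side effect, and the CSRF check below it now depends on that side effect having happened, which the short trailing comment does not make clear. I would spell the dependency out, e.g. `# Accessing .DATA forces request parsing; CsrfViewMiddleware below relies on it having run (see #78)`, so the line is not later removed as dead code. It also sits before the `request.user` test, so the body is presumably parsed for unauthenticated requests too and a parser error would surface from `authenticate`; moving it inside the `if` would avoid that if anonymous parsing is not intended. The diffstat lists only authentication.py, so a regression test covering a session-authenticated POST with and without a valid CSRF token seems to be missing. The method's `def` line is outside the hunk.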
