authorTom Christie2013-08-19 20:58:28 +0100
committerTom Christie2013-08-19 20:58:28 +0100
commit28e44efe25b5373f0f46357e4e26f7cb0482efa6 (patch)
tree9dd36c65ade4b801cfb7e93be7123fc5a5fb69e4 /rest_framework/authentication.py
parent9e4e2c60f75f596d3f9e32deaab23bf98fc8ef0f (diff)
parent34d65119fc1c200b76a8af7213a92d6b279bd478 (diff)
downloaddjango-rest-framework-28e44efe25b5373f0f46357e4e26f7cb0482efa6.tar.bz2
Merge branch 'master' into 2.4.0
Diffstat (limited to 'rest_framework/authentication.py')
-rw-r--r--rest_framework/authentication.py28
1 files changed, 17 insertions, 11 deletions
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index 10298027..cf001a24 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -26,6 +26,12 @@ def get_authorization_header(request):
return auth
+class CSRFCheck(CsrfViewMiddleware):
+ def _reject(self, request, reason):
+ # Return the failure reason instead of an HttpResponse
+ return reason
+
+
class BaseAuthentication(object):
"""
All authentication classes should extend BaseAuthentication.
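Review bot: `CSRFCheck` is now a module-level class but has no docstring, and its only method overrides `_reject`, an underscore-prefixed hook of `CsrfViewMiddleware`. Since the class can now be imported and reused, I would add a docstring such as `"""CsrfViewMiddleware whose process_view() returns the failure reason string instead of an HttpResponse; a falsy result means the check passed."""`. The docstring should also say that the class depends on a private Django method, so the override needs re-checking whenever the supported Django version changes.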
@@ -103,27 +109,27 @@ class SessionAuthentication(BaseAuthentication):
"""
# Get the underlying HttpRequest object
- http_request = request._request
- user = getattr(http_request, 'user', None)
+ request = request._request
+ user = getattr(request, 'user', None)
# Unauthenticated, CSRF validation not required
if not user or not user.is_active:
return None
- # Enforce CSRF validation for session based authentication.
- class CSRFCheck(CsrfViewMiddleware):
- def _reject(self, request, reason):
- # Return the failure reason instead of an HttpResponse
- return reason
+ self.enforce_csrf(request)
+
+ # CSRF passed with authenticated user
+ return (user, None)
- reason = CSRFCheck().process_view(http_request, None, (), {})
+ def enforce_csrf(self, request):
+ """
+ Enforce CSRF validation for session based authentication.
+ """
+ reason = CSRFCheck().process_view(request, None, (), {})
if reason:
# CSRF failed, bail with explicit error message
raise exceptions.AuthenticationFailed('CSRF Failed: %s' % reason)
- # CSRF passed with authenticated user
- return (user, None)
-
class TokenAuthentication(BaseAuthentication):
"""
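Review bot: `authenticate()` calls `self.enforce_csrf(request)` and discards the result, so the new hook is raise-on-failure only, and the `enforce_csrf` docstring does not say so. A subclass override that returns the reason (as `process_view` does) instead of raising would let the session user authenticate without a valid CSRF token. I would extend the docstring with something like `Raises exceptions.AuthenticationFailed when the CSRF check fails; the return value is ignored.` Separately, `request = request._request` rebinds the parameter to the underlying HttpRequest, where the removed `http_request` name kept the two request types distinct; keeping that name would be clearer. The body of `authenticate()` starts above this hunk.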