Fix session auth

author: Tom Christie 2012-10-10 16:36:25 +0100
committer: Tom Christie 2012-10-10 16:36:25 +0100
commit: 221ecd21828c11a800c00a6ec52e93587b7e2a3b (patch)
tree: 49afcae198ffa4d9659df9e72d2b60c8ad382566 /rest_framework/authentication.py
parent: d905d1cbd3a20191835be1a5bddee0aabf136ec6 (diff)
download: django-rest-framework-221ecd21828c11a800c00a6ec52e93587b7e2a3b.tar.bz2
1 files changed, 5 insertions, 2 deletions
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index f8954428..ee5bd2f2 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -88,11 +88,14 @@ class SessionAuthentication(BaseAuthentication):
         Returns a :obj:`User` if the request session currently has a logged in user.
         Otherwise returns :const:`None`.
         """
-        user = getattr(request._request, 'user', None)
+
+        # Get the underlying HttpRequest object
+        http_request = request._request
+        user = getattr(http_request, 'user', None)
 
         if user and user.is_active:
             # Enforce CSRF validation for session based authentication.
-            resp = CsrfViewMiddleware().process_view(request, None, (), {})
+            resp = CsrfViewMiddleware().process_view(http_request, None, (), {})
 
             if resp is None:  # csrf passed
                 return (user, None)
author	Tom Christie	2012-10-10 16:36:25 +0100
committer	Tom Christie	2012-10-10 16:36:25 +0100
commit	221ecd21828c11a800c00a6ec52e93587b7e2a3b (patch)
tree	49afcae198ffa4d9659df9e72d2b60c8ad382566 /rest_framework/authentication.py
parent	d905d1cbd3a20191835be1a5bddee0aabf136ec6 (diff)
download	django-rest-framework-221ecd21828c11a800c00a6ec52e93587b7e2a3b.tar.bz2