diff options
| -rw-r--r-- | rest_framework/request.py | 9 | ||||
| -rw-r--r-- | tests/test_middleware.py | 37 | ||||
| -rw-r--r-- | tests/test_request.py | 7 |
3 files changed, 49 insertions, 4 deletions
diff --git a/rest_framework/request.py b/rest_framework/request.py index 20e049ed..8248cbd4 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -277,8 +277,11 @@ class Request(object): Sets the user on the current request. This is necessary to maintain compatibility with django.contrib.auth where the user property is set in the login and logout functions. + + Sets the user on the wrapped original request as well. """ self._user = value + self._request.user = value @property def auth(self): @@ -456,7 +459,7 @@ class Request(object): if user_auth_tuple is not None: self._authenticator = authenticator - self._user, self._auth = user_auth_tuple + self.user, self._auth = user_auth_tuple return self._not_authenticated() @@ -471,9 +474,9 @@ class Request(object): self._authenticator = None if api_settings.UNAUTHENTICATED_USER: - self._user = api_settings.UNAUTHENTICATED_USER() + self.user = api_settings.UNAUTHENTICATED_USER() else: - self._user = None + self.user = None if api_settings.UNAUTHENTICATED_TOKEN: self._auth = api_settings.UNAUTHENTICATED_TOKEN() diff --git a/tests/test_middleware.py b/tests/test_middleware.py new file mode 100644 index 00000000..4c099fca --- /dev/null +++ b/tests/test_middleware.py @@ -0,0 +1,37 @@ + +from django.conf.urls import patterns, url +from django.contrib.auth.models import User +from rest_framework.authentication import TokenAuthentication +from rest_framework.authtoken.models import Token +from rest_framework.test import APITestCase +from rest_framework.views import APIView + + +urlpatterns = patterns( + '', + url(r'^$', APIView.as_view(authentication_classes=(TokenAuthentication,))), +) + + +class MyMiddleware(object): + + def process_response(self, request, response): + assert hasattr(request, 'user'), '`user` is not set on request' + assert request.user.is_authenticated(), '`user` is not authenticated' + return response + + +class TestMiddleware(APITestCase): + + urls = 'tests.test_middleware' + + def test_middleware_can_access_user_when_processing_response(self): + user = User.objects.create_user('john', 'john@example.com', 'password') + key = 'abcd1234' + Token.objects.create(key=key, user=user) + + with self.settings( + MIDDLEWARE_CLASSES=('tests.test_middleware.MyMiddleware',) + ): + auth = 'Token ' + key + self.client.get('/', HTTP_AUTHORIZATION=auth) diff --git a/tests/test_request.py b/tests/test_request.py index 7cf8c327..02a9b1e2 100644 --- a/tests/test_request.py +++ b/tests/test_request.py @@ -224,7 +224,8 @@ class TestUserSetter(TestCase): def setUp(self): # Pass request object through session middleware so session is # available to login and logout functions - self.request = Request(factory.get('/')) + self.wrapped_request = factory.get('/') + self.request = Request(self.wrapped_request) SessionMiddleware().process_request(self.request) User.objects.create_user('ringo', 'starr@thebeatles.com', 'yellow') @@ -244,6 +245,10 @@ class TestUserSetter(TestCase): logout(self.request) self.assertTrue(self.request.user.is_anonymous()) + def test_logged_in_user_is_set_on_wrapped_request(self): + login(self.request, self.user) + self.assertEqual(self.wrapped_request.user, self.user) + class TestAuthSetter(TestCase): |