From 3d15adaeb11a2f2f2961280026232743afc61398 Mon Sep 17 00:00:00 2001 From: tom christie tom@tomchristie.com Date: Tue, 26 Apr 2011 20:20:31 +0100 Subject: Fixes #35 - Import json from django's built-in package (Does cleverness in determing best lib to use) --- djangorestframework/emitters.py | 8 ++------ djangorestframework/parsers.py | 7 ++----- djangorestframework/tests/authentication.py | 10 ++++------ djangorestframework/tests/reverse.py | 6 +----- 4 files changed, 9 insertions(+), 22 deletions(-) (limited to 'djangorestframework') diff --git a/djangorestframework/emitters.py b/djangorestframework/emitters.py index 2769a4f5..60a4b5dc 100644 --- a/djangorestframework/emitters.py +++ b/djangorestframework/emitters.py @@ -3,10 +3,11 @@ django-rest-framework also provides HTML and PlainText emitters that help self-d by serializing the output along with documentation regarding the Resource, output status and headers, and providing forms and links depending on the allowed methods, emitters and parsers on the Resource. """ +from django import forms from django.conf import settings from django.http import HttpResponse from django.template import RequestContext, loader -from django import forms +from django.utils import simplejson as json from djangorestframework.response import NoContent, ResponseException from djangorestframework.validators import FormValidatorMixin @@ -21,11 +22,6 @@ import string import re from decimal import Decimal -try: - import json -except ImportError: - import simplejson as json - _MSIE_USER_AGENT = re.compile(r'^Mozilla/[0-9]+\.[0-9]+ \([^)]*; MSIE [0-9]+\.[0-9]+[a-z]?;[^)]*\)(?!.* Opera )') diff --git a/djangorestframework/parsers.py b/djangorestframework/parsers.py index 1503342c..35003a0f 100644 --- a/djangorestframework/parsers.py +++ b/djangorestframework/parsers.py @@ -9,16 +9,13 @@ We need a method to be able to: and multipart/form-data. (eg also handle multipart/json) """ from django.http.multipartparser import MultiPartParser as DjangoMPParser +from django.utils import simplejson as json + from djangorestframework.response import ResponseException from djangorestframework import status from djangorestframework.utils import as_tuple from djangorestframework.mediatypes import MediaType -try: - import json -except ImportError: - import simplejson as json - try: from urlparse import parse_qs except ImportError: diff --git a/djangorestframework/tests/authentication.py b/djangorestframework/tests/authentication.py index af9c34ca..246ad4a0 100644 --- a/djangorestframework/tests/authentication.py +++ b/djangorestframework/tests/authentication.py @@ -1,16 +1,14 @@ from django.conf.urls.defaults import patterns -from django.test import TestCase -from django.test import Client +from django.test import Client, TestCase +from django.utils import simplejson as json + from djangorestframework.compat import RequestFactory from djangorestframework.resource import Resource from django.contrib.auth.models import User from django.contrib.auth import login import base64 -try: - import json -except ImportError: - import simplejson as json + class MockResource(Resource): allowed_methods = ('POST',) diff --git a/djangorestframework/tests/reverse.py b/djangorestframework/tests/reverse.py index a862e39a..2718ebca 100644 --- a/djangorestframework/tests/reverse.py +++ b/djangorestframework/tests/reverse.py @@ -1,14 +1,10 @@ from django.conf.urls.defaults import patterns, url from django.core.urlresolvers import reverse from django.test import TestCase +from django.utils import simplejson as json from djangorestframework.resource import Resource -try: - import json -except ImportError: - import simplejson as json - class MockResource(Resource): """Mock resource which simply returns a URL, so that we can ensure that reversed URLs are fully qualified""" -- cgit v1.2.3 From b508ca38d44f458e3eabaa4ffd3500d80a71eb9e Mon Sep 17 00:00:00 2001 From: tom christie tom@tomchristie.com Date: Tue, 26 Apr 2011 21:08:36 +0100 Subject: CSRF validation will only be applied to POST requests, so let's only load .RAW_CONTENT in those cases --- djangorestframework/authenticators.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'djangorestframework') diff --git a/djangorestframework/authenticators.py b/djangorestframework/authenticators.py index 0d267b64..82d19779 100644 --- a/djangorestframework/authenticators.py +++ b/djangorestframework/authenticators.py @@ -80,14 +80,18 @@ class BasicAuthenticator(BaseAuthenticator): class UserLoggedInAuthenticator(BaseAuthenticator): - """Use Djagno's built-in request session for authentication.""" + """Use Django's built-in request session for authentication.""" def authenticate(self, request): if getattr(request, 'user', None) and request.user.is_active: - # Temporarily request.POST with .RAW_CONTENT, so that we use our more generic request parsing - request._post = self.mixin.RAW_CONTENT - resp = CsrfViewMiddleware().process_view(request, None, (), {}) - del(request._post) - if resp is None: # csrf passed - return request.user + # If this is a POST request we enforce CSRF validation. + if request.method.upper() == 'POST': + # Temporarily replace request.POST with .RAW_CONTENT, + # so that we use our more generic request parsing + request._post = self.mixin.RAW_CONTENT + resp = CsrfViewMiddleware().process_view(request, None, (), {}) + del(request._post) + if resp is not None: # csrf failed + return None + return request.user return None -- cgit v1.2.3