From 65fc0d0f77c8882481ef37a68294f98879d3f8d5 Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Wed, 17 Dec 2014 13:22:52 +0000
Subject: Ensure request.auth is available to response middleware.

---
 rest_framework/request.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'rest_framework')

diff --git a/rest_framework/request.py b/rest_framework/request.py
index 8248cbd4..cfbbdecc 100644
--- a/rest_framework/request.py
+++ b/rest_framework/request.py
@@ -278,7 +278,8 @@ class Request(object):
         compatibility with django.contrib.auth where the user property is
         set in the login and logout functions.
 
-        Sets the user on the wrapped original request as well.
+        Note that we also set the user on Django's underlying `HttpRequest`
+        instance, ensuring that it is available to any middleware in the stack.
         """
         self._user = value
         self._request.user = value
@@ -300,6 +301,7 @@ class Request(object):
         request, such as an authentication token.
         """
         self._auth = value
+        self._request.auth = value
 
     @property
     def successful_authenticator(self):
@@ -459,7 +461,7 @@ class Request(object):
 
             if user_auth_tuple is not None:
                 self._authenticator = authenticator
-                self.user, self._auth = user_auth_tuple
+                self.user, self.auth = user_auth_tuple
                 return
 
         self._not_authenticated()
@@ -479,9 +481,9 @@ class Request(object):
             self.user = None
 
         if api_settings.UNAUTHENTICATED_TOKEN:
-            self._auth = api_settings.UNAUTHENTICATED_TOKEN()
+            self.auth = api_settings.UNAUTHENTICATED_TOKEN()
         else:
-            self._auth = None
+            self.auth = None
 
     def __getattr__(self, attr):
         """
-- 
cgit v1.2.3