Fix UserLoggedInAuthentication for POST requests.

Fixes #78.

Fix UserLoggedInAuthentication for POST requests.
Fixes #78.
1d9f24f6 · Tom Christie · 863bbe76 · 1d9f24f6
Commit 1d9f24f6 authored Jan 24, 2012 by Tom Christie
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 15 deletions

djangorestframework/authentication.py
+2 -15

No files found.
--- a/djangorestframework/authentication.py
+++ b/djangorestframework/authentication.py
@@ -87,25 +87,12 @@ class UserLoggedInAuthentication(BaseAuthentication):
        Returns a :obj:`User` if the request session currently has a logged in user.
        Otherwise returns :const:`None`.
        """
-        # TODO: Might be cleaner to switch this back to using request.POST,
-        #       and let FormParser/MultiPartParser deal with the consequences.
+        self.view.DATA  # Make sure our generic parsing runs first
+
        if getattr(request, 'user', None) and request.user.is_active:
            # Enforce CSRF validation for session based authentication.
-
-            # Temporarily replace request.POST with .DATA, to use our generic parsing.
-            # If DATA is not dict-like, use an empty dict.
-            if request.method.upper() == 'POST':
-                if hasattr(self.view.DATA, 'get'):
-                    request._post = self.view.DATA
-                else:
-                    request._post = {}
-
            resp = CsrfViewMiddleware().process_view(request, None, (), {})

-            # Replace request.POST
-            if request.method.upper() == 'POST':
-                del(request._post)
-
            if resp is None:  # csrf passed
                return request.user
        return None