Turn streaming request parsing back on for 1.3. Fix CSRF which was breaking it.…

Turn streaming request parsing back on for 1.3. Fix CSRF which was breaking it. It's really not at all obvious if we need to byte limit the stream that we hand over or not.

Turn streaming request parsing back on for 1.3. Fix CSRF which was breaking it.…
Turn streaming request parsing back on for 1.3. Fix CSRF which was breaking it. It's really not at all obvious if we need to byte limit the stream that we hand over or not.
5e2e2f14 · Tom Christie · 3cdb4e26 · 5e2e2f14 · 5e2e2f14
Commit 5e2e2f14 authored Apr 04, 2011 by Tom Christie
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 11 deletions

djangorestframework/authenticators.py
+4 -1

djangorestframework/request.py
+29 -10

No files found.
--- a/djangorestframework/authenticators.py
+++ b/djangorestframework/authenticators.py
@@ -71,8 +71,11 @@ class BasicAuthenticator(BaseAuthenticator):
 class UserLoggedInAuthenticator(BaseAuthenticator):
    """Use Djagno's built-in request session for authentication."""
    def authenticate(self, request):
-        if getattr(request, 'user', None) and request.user.is_active:                
+        if getattr(request, 'user', None) and request.user.is_active:
+            # Temporarily request.POST with .RAW_CONTENT, so that we use our more generic request parsing
+            request._post = self.mixin.RAW_CONTENT
            resp = CsrfViewMiddleware().process_view(request, None, (), {})
+            del(request._post)
            if resp is None:  # csrf passed
                return request.user
        return None

--- a/djangorestframework/request.py
+++ b/djangorestframework/request.py
@@ -67,16 +67,35 @@ class RequestMixin(object):
        """
        if not hasattr(self, '_stream'):
            request = self.request
-            # We ought to be able to return a stream rather than reading the stream.
-            # Not quite working just yet...
+            if hasattr(request, 'read'):
-            #if hasattr(request, 'read'):
+                # It's not at all clear if this needs to be byte limited or not.
-            #    try:
+                # Maybe I'm just being dumb but it looks to me like there's some issues
-            #        content_length = int(request.META.get('CONTENT_LENGTH',0))
+                # with that in Django.
-            #    except (ValueError, TypeError):
+                #
-            #        content_length = 0
+                # Either:
-            #    self._stream = LimitBytes(request, content_length)
+                #   1. It *can't* be treated as a limited byte stream, and you _do_ need to
-            #else:
+                #      respect CONTENT_LENGTH, in which case that ought to be documented,
-            self._stream = StringIO(request.raw_post_data)
+                #      and there probably ought to be a feature request for it to be
+                #      treated as a limited byte stream.
+                #   2. It *can* be treated as a limited byte stream, in which case there's a
+                #      minor bug in the test client, and potentially some redundant
+                #      code in MultipartParser.
+                #
+                #   It's an issue because it affects if you can pass a request off to code that
+                #   does something like:
+                #
+                #   while stream.read(BUFFER_SIZE):
+                #       [do stuff]
+                #
+                #try:
+                #    content_length = int(request.META.get('CONTENT_LENGTH',0))
+                #except (ValueError, TypeError):
+                #    content_length = 0
+                # self._stream = LimitedStream(request, content_length)
+                self._stream = request
+            else:
+                self._stream = StringIO(request.raw_post_data)
        return self._stream