Ensure request.auth is available to response middleware.

65fc0d0f · Tom Christie · 7fbf5b0e · 65fc0d0f
Commit 65fc0d0f authored Dec 17, 2014 by Tom Christie
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

rest_framework/request.py
+6 -4

No files found.
--- a/rest_framework/request.py
+++ b/rest_framework/request.py
@@ -278,7 +278,8 @@ class Request(object):
        compatibility with django.contrib.auth where the user property is
        set in the login and logout functions.
-        Sets the user on the wrapped original request as well.
+        Note that we also set the user on Django's underlying `HttpRequest`
+        instance, ensuring that it is available to any middleware in the stack.
        """
        self._user = value
        self._request.user = value
@@ -300,6 +301,7 @@ class Request(object):
        request, such as an authentication token.
        """
        self._auth = value
+        self._request.auth = value
    @property
    def successful_authenticator(self):
@@ -459,7 +461,7 @@ class Request(object):
            if user_auth_tuple is not None:
                self._authenticator = authenticator
-                self.user, self._auth = user_auth_tuple
+                self.user, self.auth = user_auth_tuple
                return
        self._not_authenticated()
@@ -479,9 +481,9 @@ class Request(object):
            self.user = None
        if api_settings.UNAUTHENTICATED_TOKEN:
-            self._auth = api_settings.UNAUTHENTICATED_TOKEN()
+            self.auth = api_settings.UNAUTHENTICATED_TOKEN()
        else:
-            self._auth = None
+            self.auth = None
    def __getattr__(self, attr):
        """