Merge pull request #2155 from martinmaillard/set-user-on-wrapped-request

Set authenticated user on wrapped request

Merge pull request #2155 from martinmaillard/set-user-on-wrapped-request
Set authenticated user on wrapped request
7fbf5b0e · Tom Christie · d872c8e2 · a68e78bd · 7fbf5b0e · 7fbf5b0e
Commit 7fbf5b0e authored Dec 17, 2014 by Tom Christie
Hide whitespace changes
Inline Side-by-side

Showing with 49 additions and 4 deletions

rest_framework/request.py
+6 -3

tests/test_middleware.py
+37 -0

tests/test_request.py
+6 -1

No files found.
--- a/rest_framework/request.py
+++ b/rest_framework/request.py
@@ -277,8 +277,11 @@ class Request(object):
        Sets the user on the current request. This is necessary to maintain
        compatibility with django.contrib.auth where the user property is
        set in the login and logout functions.
+        Sets the user on the wrapped original request as well.
        """
        self._user = value
+        self._request.user = value
    @property
    def auth(self):
@@ -456,7 +459,7 @@ class Request(object):
            if user_auth_tuple is not None:
                self._authenticator = authenticator
-                self._user, self._auth = user_auth_tuple
+                self.user, self._auth = user_auth_tuple
                return
        self._not_authenticated()
@@ -471,9 +474,9 @@ class Request(object):
        self._authenticator = None
        if api_settings.UNAUTHENTICATED_USER:
-            self._user = api_settings.UNAUTHENTICATED_USER()
+            self.user = api_settings.UNAUTHENTICATED_USER()
        else:
-            self._user = None
+            self.user = None
        if api_settings.UNAUTHENTICATED_TOKEN:
            self._auth = api_settings.UNAUTHENTICATED_TOKEN()

--- a/tests/test_middleware.py
+++ b/tests/test_middleware.py
+from django.conf.urls import patterns, url
+from django.contrib.auth.models import User
+from rest_framework.authentication import TokenAuthentication
+from rest_framework.authtoken.models import Token
+from rest_framework.test import APITestCase
+from rest_framework.views import APIView
+urlpatterns = patterns(
+    '',
+    url(r'^$', APIView.as_view(authentication_classes=(TokenAuthentication,))),
+)
+class MyMiddleware(object):
+    def process_response(self, request, response):
+        assert hasattr(request, 'user'), '`user` is not set on request'
+        assert request.user.is_authenticated(), '`user` is not authenticated'
+        return response
+class TestMiddleware(APITestCase):
+    urls = 'tests.test_middleware'
+    def test_middleware_can_access_user_when_processing_response(self):
+        user = User.objects.create_user('john', 'john@example.com', 'password')
+        key = 'abcd1234'
+        Token.objects.create(key=key, user=user)
+        with self.settings(
+            MIDDLEWARE_CLASSES=('tests.test_middleware.MyMiddleware',)
+        ):
+            auth = 'Token ' + key
+            self.client.get('/', HTTP_AUTHORIZATION=auth)
--- a/tests/test_request.py
+++ b/tests/test_request.py
@@ -224,7 +224,8 @@ class TestUserSetter(TestCase):
    def setUp(self):
        # Pass request object through session middleware so session is
        # available to login and logout functions
-        self.request = Request(factory.get('/'))
+        self.wrapped_request = factory.get('/')
+        self.request = Request(self.wrapped_request)
        SessionMiddleware().process_request(self.request)
        User.objects.create_user('ringo', 'starr@thebeatles.com', 'yellow')
@@ -244,6 +245,10 @@ class TestUserSetter(TestCase):
        logout(self.request)
        self.assertTrue(self.request.user.is_anonymous())
+    def test_logged_in_user_is_set_on_wrapped_request(self):
+        login(self.request, self.user)
+        self.assertEqual(self.wrapped_request.user, self.user)
 class TestAuthSetter(TestCase):