Use REST framework request parsing when accessing old-style .POST

rest_framework/authentication.py

@@ -117,9 +117,8 @@ class SessionAuthentication(BaseAuthentication):
         Otherwise returns `None`.
         """
 
-        # Get the underlying HttpRequest object
-        request = request._request
-        user = getattr(request, 'user', None)
+        # Get the session-based user from the underlying HttpRequest object
+        user = getattr(request._request, 'user', None)
 
         # Unauthenticated, CSRF validation not required
         if not user or not user.is_active:

rest_framework/request.py

@@ -366,6 +366,15 @@ class Request(object):
         )
 
     @property
+    def POST(self):
+        # Ensure that request.POST uses our request parsing.
+        if not _hasattr(self, '_data'):
+            self._load_data_and_files()
+        if is_form_media_type(self.content_type):
+            return self.data
+        return QueryDict('', encoding=self._request._encoding)
+
+    @property
     def FILES(self):
         # Leave this one alone for backwards compat with Django's request.FILES
         # Different from the other two cases, which are not valid property