From 77231029e63bf29d438c66a4da85c00d6c379a72 Mon Sep 17 00:00:00 2001 From: David Gunter Date: Mon, 5 Jun 2017 20:36:39 -0700 Subject: [PATCH 1/3] Add endpoint for UserAuthenticationStatus --- rest_auth/urls.py | 4 +++- rest_auth/views.py | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/rest_auth/urls.py b/rest_auth/urls.py index 7a35e9b..b752eaf 100644 --- a/rest_auth/urls.py +++ b/rest_auth/urls.py @@ -2,7 +2,7 @@ from django.conf.urls import url from rest_auth.views import ( LoginView, LogoutView, UserDetailsView, PasswordChangeView, - PasswordResetView, PasswordResetConfirmView + PasswordResetView, PasswordResetConfirmView, UserAuthenticationStatusView ) urlpatterns = [ @@ -15,6 +15,8 @@ urlpatterns = [ # URLs that require a user to be logged in with a valid session / token. url(r'^logout/$', LogoutView.as_view(), name='rest_logout'), url(r'^user/$', UserDetailsView.as_view(), name='rest_user_details'), + url(r'^user/status/$', UserAuthenticationStatusView.as_view(), + name='rest_auth_status'), url(r'^password/change/$', PasswordChangeView.as_view(), name='rest_password_change'), ] diff --git a/rest_auth/views.py b/rest_auth/views.py index 0493a76..454b450 100644 --- a/rest_auth/views.py +++ b/rest_auth/views.py 
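Review bot: The new `^user/status/$` route in the second urls.py hunk is added beneath the comment `# URLs that require a user to be logged in with a valid session / token.`, yet the view it points to sets `permission_classes = ()` and is written to answer anonymous callers with `{"authenticated": False}`. Anyone auditing urls.py to see which endpoints are login-protected will misread this one. I would move the route out of that group, or put a line above it such as `# Reachable without credentials; reports whether the caller is authenticated.`. The `urlpatterns` list continues outside the hunk.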
@@ -153,6 +153,26 @@ class UserDetailsView(RetrieveUpdateAPIView): return get_user_model().objects.none() +class UserAuthenticationStatusView(APIView): + """ + Checks is_authenticated attribute for User attached to request. + Accepts GET method. + + Returns True/False indicator for if user is authenticated. + """ + authentication_classes = () + permission_classes = () + + def get(self, request, *args, **kwargs): + if hasattr(request, "user") and request.user.is_authenticated: + return Response( + {"authenticated": True}, status=status.HTTP_200_OK + ) + + return Response( + {"authenticated": False}, status=status.HTTP_401_UNAUTHORIZED + ) + class PasswordResetView(GenericAPIView): """ Calls Django Auth PasswordResetForm save method. From 1cc46e7b24743d27c28a50c8ac97b3c7bafa2671 Mon Sep 17 00:00:00 2001 From: David Gunter Date: Mon, 5 Jun 2017 20:49:14 -0700 Subject: [PATCH 2/3] Add user auth status test --- rest_auth/tests/test_api.py | 13 +++++++++++++ rest_auth/tests/test_base.py | 1 + 2 files changed, 14 insertions(+) diff --git a/rest_auth/tests/test_api.py b/rest_auth/tests/test_api.py index 0356d19..3cb6ea4 100644 --- a/rest_auth/tests/test_api.py +++ b/rest_auth/tests/test_api.py @@ -493,3 +493,16 @@ class APITestCase1(TestCase, BaseAPITestCase): self.post(self.login_url, data=payload, status_code=status.HTTP_200_OK) self.get(self.logout_url, status_code=status.HTTP_405_METHOD_NOT_ALLOWED) + + def test_user_authentication_status(self): + user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS) + + self._login() + + self.get(self.user_authenticated_status_url, status_code=200) + self.assertTrue(self.response.json['authenticated']) + + self._logout() + + self.get(self.user_authenticated_status_url, status_code=401) + self.assertFalse(self.response.json['authenticated']) diff --git a/rest_auth/tests/test_base.py b/rest_auth/tests/test_base.py index 48d94f0..153ee7a 100644 --- a/rest_auth/tests/test_base.py 
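Review bot: `request.user.is_authenticated` in `get` is read as a plain attribute, which is a boolean only on Django 1.10 and later; on earlier releases it is a method, so the bare reference is always truthy and anonymous callers would be told `{"authenticated": True}`. The supported Django range is not visible in this patch, so if anything older than 1.10 is still tested the check needs a compatibility form, e.g. `auth = request.user.is_authenticated` followed by `is_auth = auth() if callable(auth) else auth`. The docstring should also say that the negative answer is sent with HTTP 401 rather than 200, because a client that treats 401 as a failed request may never read the body.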
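Review bot: `user = get_user_model().objects.create_user(...)` in `test_user_authentication_status` binds a name that is never read; call `create_user` without the assignment. The two status checks pass bare `200` and `401`, while the neighbouring lines in this file use `status.HTTP_200_OK` and `status.HTTP_405_METHOD_NOT_ALLOWED`; `status_code=status.HTTP_401_UNAUTHORIZED` would keep the file consistent. The test covers only a fresh login and a clean logout, so a request that presents a malformed or revoked credential is not exercised, and that is the case most likely to regress on an endpoint whose job is to report authentication state.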
+++ b/rest_auth/tests/test_base.py @@ -97,6 +97,7 @@ class BaseAPITestCase(object): self.register_url = reverse('rest_register') self.password_reset_url = reverse('rest_password_reset') self.user_url = reverse('rest_user_details') + self.user_authenticated_status_url = reverse('rest_auth_status') self.verify_email_url = reverse('rest_verify_email') self.fb_login_url = reverse('fb_login') self.tw_login_url = reverse('tw_login') From a2bc1b5196839fd121bc94364a99d0ba13d6ee31 Mon Sep 17 00:00:00 2001 From: David Gunter Date: Tue, 6 Jun 2017 12:28:06 -0700 Subject: [PATCH 3/3] Add proper DRF Authentication classes to user authenticated endpoint --- rest_auth/tests/test_api.py | 1 + rest_auth/views.py | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/rest_auth/tests/test_api.py b/rest_auth/tests/test_api.py index 3cb6ea4..e94ece8 100644 --- a/rest_auth/tests/test_api.py +++ b/rest_auth/tests/test_api.py @@ -498,6 +498,7 @@ class APITestCase1(TestCase, BaseAPITestCase): user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS) self._login() + self.token = self.response.json['key'] self.get(self.user_authenticated_status_url, status_code=200) self.assertTrue(self.response.json['authenticated']) diff --git a/rest_auth/views.py b/rest_auth/views.py index 454b450..2479f25 100644 --- a/rest_auth/views.py +++ b/rest_auth/views.py @@ -14,6 +14,7 @@ from rest_framework.views import APIView from rest_framework.response import Response from rest_framework.generics import GenericAPIView, RetrieveUpdateAPIView from rest_framework.permissions import IsAuthenticated, AllowAny +from rest_framework.authentication import SessionAuthentication, TokenAuthentication from .app_settings import ( TokenSerializer, UserDetailsSerializer, LoginSerializer, 
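Review bot: `SessionAuthentication` is imported in the views.py import hunk but nothing visible in this patch uses it; the `authentication_classes` tuple in the later views.py hunk lists only `TokenAuthentication`. Either reduce the line to `from rest_framework.authentication import TokenAuthentication`, or add `SessionAuthentication` to the tuple. As written, a caller holding only a valid session, which the comment in urls.py names as supported ("valid session / token"), would be reported as unauthenticated.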
@@ -160,11 +161,11 @@ class UserAuthenticationStatusView(APIView): Returns True/False indicator for if user is authenticated. """ - authentication_classes = () + authentication_classes = (TokenAuthentication,) permission_classes = () def get(self, request, *args, **kwargs): - if hasattr(request, "user") and request.user.is_authenticated: + if hasattr(self.request, "user") and self.request.user.is_authenticated: return Response( {"authenticated": True}, status=status.HTTP_200_OK ) @@ -173,6 +174,7 @@ class UserAuthenticationStatusView(APIView): {"authenticated": False}, status=status.HTTP_401_UNAUTHORIZED ) + class PasswordResetView(GenericAPIView): """ Calls Django Auth PasswordResetForm save method.
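Review bot: With `authentication_classes = (TokenAuthentication,)`, a request carrying an invalid or deleted token is rejected by DRF during authentication, before `get` runs, so the client receives DRF's error body (a `detail` message) and not `{"authenticated": False}`; only a request with no Authorization header reaches the 401 branch written here. Clients then have to handle two different 401 bodies from an endpoint that exists to answer one yes/no question, and the test in this series does not cover the invalid-token case. Hard-coding the class also bypasses whatever the project sets in `DEFAULT_AUTHENTICATION_CLASSES`; dropping the attribute would let the endpoint report on the same credentials the other views accept. The `hasattr(self.request, "user")` guard appears redundant on a DRF request and could be reduced to `if self.request.user.is_authenticated:`.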