Fix UserLoggedInAuthentication for POST requests.

Fixes #78.
2025-11-04 09:57:55 +03:00 · 2012-01-24 19:26:37 +00:00 · 2012-01-24 19:26:37 +00:00 · 1d9f24f60d
commit 1d9f24f60d
parent 863bbe7684
1 changed files with 2 additions and 15 deletions
--- a/djangorestframework/authentication.py
+++ b/djangorestframework/authentication.py
@ -87,25 +87,12 @@ class UserLoggedInAuthentication(BaseAuthentication):
        Returns a :obj:`User` if the request session currently has a logged in user.
        Otherwise returns :const:`None`.
        """
-        # TODO: Might be cleaner to switch this back to using request.POST,
-        #       and let FormParser/MultiPartParser deal with the consequences.
+        self.view.DATA  # Make sure our generic parsing runs first
+
        if getattr(request, 'user', None) and request.user.is_active:
            # Enforce CSRF validation for session based authentication.
-
-            # Temporarily replace request.POST with .DATA, to use our generic parsing.
-            # If DATA is not dict-like, use an empty dict.
-            if request.method.upper() == 'POST':
-                if hasattr(self.view.DATA, 'get'):
-                    request._post = self.view.DATA
-                else:
-                    request._post = {}
-
            resp = CsrfViewMiddleware().process_view(request, None, (), {})

-            # Replace request.POST
-            if request.method.upper() == 'POST':
-                del(request._post)
-
            if resp is None:  # csrf passed
                return request.user
        return None