encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-01-23 15:54:16 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix session auth

Browse Source
This commit is contained in:
Tom Christie 2012-10-10 16:36:25 +01:00
parent d905d1cbd3
commit 221ecd2182
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
rest_framework/authentication.py
View File

@ -88,11 +88,14 @@ class SessionAuthentication(BaseAuthentication):
Returns a :obj:`User` if the request session currently has a logged in user.
Otherwise returns :const:`None`.
"""
user = getattr(request._request, 'user', None)
# Get the underlying HttpRequest object
http_request = request._request
user = getattr(http_request, 'user', None)
if user and user.is_active:
# Enforce CSRF validation for session based authentication.
resp = CsrfViewMiddleware().process_view(request, None, (), {})
resp = CsrfViewMiddleware().process_view(http_request, None, (), {})
if resp is None: # csrf passed
return (user, None)