Refactor SessionAuthentication slightly

2025-01-24 00:04:16 +03:00 · 2013-06-29 08:14:05 +01:00 · 2013-06-29 08:14:05 +01:00 · 35022ca921
commit 35022ca921
parent f7db06953b
1 changed files with 16 additions and 10 deletions
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@ -26,6 +26,12 @@ def get_authorization_header(request):
    return auth


+class CSRFCheck(CsrfViewMiddleware):
+    def _reject(self, request, reason):
+        # Return the failure reason instead of an HttpResponse
+        return reason
+
+
 class BaseAuthentication(object):
    """
    All authentication classes should extend BaseAuthentication.
@ -110,20 +116,20 @@ class SessionAuthentication(BaseAuthentication):
        if not user or not user.is_active:
            return None

-        # Enforce CSRF validation for session based authentication.
-        class CSRFCheck(CsrfViewMiddleware):
-            def _reject(self, request, reason):
-                # Return the failure reason instead of an HttpResponse
-                return reason
-
-        reason = CSRFCheck().process_view(http_request, None, (), {})
-        if reason:
-            # CSRF failed, bail with explicit error message
-            raise exceptions.AuthenticationFailed('CSRF Failed: %s' % reason)
+        self.enforce_csrf(http_request)

        # CSRF passed with authenticated user
        return (user, None)

+    def enforce_csrf(self, request):
+        """
+        Enforce CSRF validation for session based authentication.
+        """
+        reason = CSRFCheck().process_view(request, None, (), {})
+        if reason:
+            # CSRF failed, bail with explicit error message
+            raise exceptions.AuthenticationFailed('CSRF Failed: %s' % reason)
+

 class TokenAuthentication(BaseAuthentication):
    """