From 5e2e2f14229577b6294bafbd9b420b2a6deeb6f0 Mon Sep 17 00:00:00 2001
From: Tom Christie <tomchristie@bright-interactive.co.uk>
Date: Mon, 4 Apr 2011 09:19:49 +0100
Subject: [PATCH] Turn streaming request parsing back on for 1.3.  Fix CSRF
 which was breaking it.  It's really not at all obvious if we need to byte
 limit the stream that we hand over or not.

---
 djangorestframework/authenticators.py |  5 +++-
 djangorestframework/request.py        | 39 ++++++++++++++++++++-------
 2 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/djangorestframework/authenticators.py b/djangorestframework/authenticators.py
index 29875c643..ce7abd10b 100644
--- a/djangorestframework/authenticators.py
+++ b/djangorestframework/authenticators.py
@@ -71,8 +71,11 @@ class BasicAuthenticator(BaseAuthenticator):
 class UserLoggedInAuthenticator(BaseAuthenticator):
     """Use Djagno's built-in request session for authentication."""
     def authenticate(self, request):
-        if getattr(request, 'user', None) and request.user.is_active:                
+        if getattr(request, 'user', None) and request.user.is_active:
+            # Temporarily request.POST with .RAW_CONTENT, so that we use our more generic request parsing
+            request._post = self.mixin.RAW_CONTENT
             resp = CsrfViewMiddleware().process_view(request, None, (), {})
+            del(request._post)
             if resp is None:  # csrf passed
                 return request.user
         return None
diff --git a/djangorestframework/request.py b/djangorestframework/request.py
index 5da679efb..02692e6ba 100644
--- a/djangorestframework/request.py
+++ b/djangorestframework/request.py
@@ -67,16 +67,35 @@ class RequestMixin(object):
         """
         if not hasattr(self, '_stream'):
             request = self.request
-            # We ought to be able to return a stream rather than reading the stream.
-            # Not quite working just yet...
-            #if hasattr(request, 'read'):
-            #    try:
-            #        content_length = int(request.META.get('CONTENT_LENGTH',0))
-            #    except (ValueError, TypeError):
-            #        content_length = 0
-            #    self._stream = LimitBytes(request, content_length)
-            #else:
-            self._stream = StringIO(request.raw_post_data)
+
+            if hasattr(request, 'read'):
+                # It's not at all clear if this needs to be byte limited or not.
+                # Maybe I'm just being dumb but it looks to me like there's some issues
+                # with that in Django.
+                #
+                # Either:
+                #   1. It *can't* be treated as a limited byte stream, and you _do_ need to
+                #      respect CONTENT_LENGTH, in which case that ought to be documented,
+                #      and there probably ought to be a feature request for it to be
+                #      treated as a limited byte stream.
+                #   2. It *can* be treated as a limited byte stream, in which case there's a
+                #      minor bug in the test client, and potentially some redundant
+                #      code in MultipartParser.
+                #
+                #   It's an issue because it affects if you can pass a request off to code that
+                #   does something like:
+                #
+                #   while stream.read(BUFFER_SIZE):
+                #       [do stuff]
+                #
+                #try:
+                #    content_length = int(request.META.get('CONTENT_LENGTH',0))
+                #except (ValueError, TypeError):
+                #    content_length = 0
+                # self._stream = LimitedStream(request, content_length)
+                self._stream = request
+            else:
+                self._stream = StringIO(request.raw_post_data)
         return self._stream