mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-01-24 16:24:18 +03:00
Turn streaming request parsing back on for 1.3. Fix CSRF which was breaking it. It's really not at all obvious if we need to byte limit the stream that we hand over or not.
This commit is contained in:
parent
3cdb4e2648
commit
5e2e2f1422
|
@ -72,7 +72,10 @@ class UserLoggedInAuthenticator(BaseAuthenticator):
|
||||||
"""Use Djagno's built-in request session for authentication."""
|
"""Use Djagno's built-in request session for authentication."""
|
||||||
def authenticate(self, request):
|
def authenticate(self, request):
|
||||||
if getattr(request, 'user', None) and request.user.is_active:
|
if getattr(request, 'user', None) and request.user.is_active:
|
||||||
|
# Temporarily request.POST with .RAW_CONTENT, so that we use our more generic request parsing
|
||||||
|
request._post = self.mixin.RAW_CONTENT
|
||||||
resp = CsrfViewMiddleware().process_view(request, None, (), {})
|
resp = CsrfViewMiddleware().process_view(request, None, (), {})
|
||||||
|
del(request._post)
|
||||||
if resp is None: # csrf passed
|
if resp is None: # csrf passed
|
||||||
return request.user
|
return request.user
|
||||||
return None
|
return None
|
||||||
|
|
|
@ -67,15 +67,34 @@ class RequestMixin(object):
|
||||||
"""
|
"""
|
||||||
if not hasattr(self, '_stream'):
|
if not hasattr(self, '_stream'):
|
||||||
request = self.request
|
request = self.request
|
||||||
# We ought to be able to return a stream rather than reading the stream.
|
|
||||||
# Not quite working just yet...
|
if hasattr(request, 'read'):
|
||||||
#if hasattr(request, 'read'):
|
# It's not at all clear if this needs to be byte limited or not.
|
||||||
|
# Maybe I'm just being dumb but it looks to me like there's some issues
|
||||||
|
# with that in Django.
|
||||||
|
#
|
||||||
|
# Either:
|
||||||
|
# 1. It *can't* be treated as a limited byte stream, and you _do_ need to
|
||||||
|
# respect CONTENT_LENGTH, in which case that ought to be documented,
|
||||||
|
# and there probably ought to be a feature request for it to be
|
||||||
|
# treated as a limited byte stream.
|
||||||
|
# 2. It *can* be treated as a limited byte stream, in which case there's a
|
||||||
|
# minor bug in the test client, and potentially some redundant
|
||||||
|
# code in MultipartParser.
|
||||||
|
#
|
||||||
|
# It's an issue because it affects if you can pass a request off to code that
|
||||||
|
# does something like:
|
||||||
|
#
|
||||||
|
# while stream.read(BUFFER_SIZE):
|
||||||
|
# [do stuff]
|
||||||
|
#
|
||||||
#try:
|
#try:
|
||||||
# content_length = int(request.META.get('CONTENT_LENGTH',0))
|
# content_length = int(request.META.get('CONTENT_LENGTH',0))
|
||||||
#except (ValueError, TypeError):
|
#except (ValueError, TypeError):
|
||||||
# content_length = 0
|
# content_length = 0
|
||||||
# self._stream = LimitBytes(request, content_length)
|
# self._stream = LimitedStream(request, content_length)
|
||||||
#else:
|
self._stream = request
|
||||||
|
else:
|
||||||
self._stream = StringIO(request.raw_post_data)
|
self._stream = StringIO(request.raw_post_data)
|
||||||
return self._stream
|
return self._stream
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user