Turn streaming request parsing back on for 1.3. Fix CSRF which was breaking it. It's really not at all obvious if we need to byte limit the stream that we hand over or not.

2025-01-24 08:14:16 +03:00 · 2011-04-04 09:19:49 +01:00 · 2011-04-04 09:19:49 +01:00 · 5e2e2f1422
commit 5e2e2f1422
parent 3cdb4e2648
2 changed files with 33 additions and 11 deletions
--- a/djangorestframework/authenticators.py
+++ b/djangorestframework/authenticators.py
@ -72,7 +72,10 @@ class UserLoggedInAuthenticator(BaseAuthenticator):
    """Use Djagno's built-in request session for authentication."""
    def authenticate(self, request):
        if getattr(request, 'user', None) and request.user.is_active:
+            # Temporarily request.POST with .RAW_CONTENT, so that we use our more generic request parsing
+            request._post = self.mixin.RAW_CONTENT
            resp = CsrfViewMiddleware().process_view(request, None, (), {})
+            del(request._post)
            if resp is None:  # csrf passed
                return request.user
        return None
--- a/djangorestframework/request.py
+++ b/djangorestframework/request.py
@ -67,15 +67,34 @@ class RequestMixin(object):
        """
        if not hasattr(self, '_stream'):
            request = self.request
-            # We ought to be able to return a stream rather than reading the stream.
-            # Not quite working just yet...
-            #if hasattr(request, 'read'):
+
+            if hasattr(request, 'read'):
+                # It's not at all clear if this needs to be byte limited or not.
+                # Maybe I'm just being dumb but it looks to me like there's some issues
+                # with that in Django.
+                #
+                # Either:
+                #   1. It *can't* be treated as a limited byte stream, and you _do_ need to
+                #      respect CONTENT_LENGTH, in which case that ought to be documented,
+                #      and there probably ought to be a feature request for it to be
+                #      treated as a limited byte stream.
+                #   2. It *can* be treated as a limited byte stream, in which case there's a
+                #      minor bug in the test client, and potentially some redundant
+                #      code in MultipartParser.
+                #
+                #   It's an issue because it affects if you can pass a request off to code that
+                #   does something like:
+                #
+                #   while stream.read(BUFFER_SIZE):
+                #       [do stuff]
+                #
                #try:
                #    content_length = int(request.META.get('CONTENT_LENGTH',0))
                #except (ValueError, TypeError):
                #    content_length = 0
-            #    self._stream = LimitBytes(request, content_length)
-            #else:
+                # self._stream = LimitedStream(request, content_length)
+                self._stream = request
+            else:
                self._stream = StringIO(request.raw_post_data)
        return self._stream