Merge pull request #2155 from martinmaillard/set-user-on-wrapped-request

Set authenticated user on wrapped request

rest_framework/request.py

@@ -277,8 +277,11 @@ class Request(object):
         Sets the user on the current request. This is necessary to maintain
         compatibility with django.contrib.auth where the user property is
         set in the login and logout functions.
+
+        Sets the user on the wrapped original request as well.
         """
         self._user = value
+        self._request.user = value
 
     @property
     def auth(self):
@@ -456,7 +459,7 @@ class Request(object):
 
             if user_auth_tuple is not None:
                 self._authenticator = authenticator
-                self._user, self._auth = user_auth_tuple
+                self.user, self._auth = user_auth_tuple
                 return
 
         self._not_authenticated()
@@ -471,9 +474,9 @@ class Request(object):
         self._authenticator = None
 
         if api_settings.UNAUTHENTICATED_USER:
-            self._user = api_settings.UNAUTHENTICATED_USER()
+            self.user = api_settings.UNAUTHENTICATED_USER()
         else:
-            self._user = None
+            self.user = None
 
         if api_settings.UNAUTHENTICATED_TOKEN:
             self._auth = api_settings.UNAUTHENTICATED_TOKEN()

tests/test_middleware.py

@@ -0,0 +1,37 @@
+
+from django.conf.urls import patterns, url
+from django.contrib.auth.models import User
+from rest_framework.authentication import TokenAuthentication
+from rest_framework.authtoken.models import Token
+from rest_framework.test import APITestCase
+from rest_framework.views import APIView
+
+
+urlpatterns = patterns(
+    '',
+    url(r'^$', APIView.as_view(authentication_classes=(TokenAuthentication,))),
+)
+
+
+class MyMiddleware(object):
+
+    def process_response(self, request, response):
+        assert hasattr(request, 'user'), '`user` is not set on request'
+        assert request.user.is_authenticated(), '`user` is not authenticated'
+        return response
+
+
+class TestMiddleware(APITestCase):
+
+    urls = 'tests.test_middleware'
+
+    def test_middleware_can_access_user_when_processing_response(self):
+        user = User.objects.create_user('john', 'john@example.com', 'password')
+        key = 'abcd1234'
+        Token.objects.create(key=key, user=user)
+
+        with self.settings(
+            MIDDLEWARE_CLASSES=('tests.test_middleware.MyMiddleware',)
+        ):
+            auth = 'Token ' + key
+            self.client.get('/', HTTP_AUTHORIZATION=auth)

tests/test_request.py

@@ -224,7 +224,8 @@ class TestUserSetter(TestCase):
     def setUp(self):
         # Pass request object through session middleware so session is
         # available to login and logout functions
-        self.request = Request(factory.get('/'))
+        self.wrapped_request = factory.get('/')
+        self.request = Request(self.wrapped_request)
         SessionMiddleware().process_request(self.request)
 
         User.objects.create_user('ringo', 'starr@thebeatles.com', 'yellow')
@@ -244,6 +245,10 @@ class TestUserSetter(TestCase):
         logout(self.request)
         self.assertTrue(self.request.user.is_anonymous())
 
+    def test_logged_in_user_is_set_on_wrapped_request(self):
+        login(self.request, self.user)
+        self.assertEqual(self.wrapped_request.user, self.user)
+
 
 class TestAuthSetter(TestCase):