From cb4150b4f9d779ee9ef9fa4fc5067e2ddc7468d5 Mon Sep 17 00:00:00 2001
From: Rakan Alhneiti
Date: Thu, 21 Nov 2013 00:21:21 +0300
Subject: [PATCH] Token authentication should allow logged-in users from taking advantage of the browsable API feature by checking if the user is logged-in. In that case, get or create the token and let the logged in user pass through the process
---
rest_framework/authentication.py | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index cf001a24d..11c8001c3 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -150,6 +150,16 @@ class TokenAuthentication(BaseAuthentication):
"""
def authenticate(self, request):
+ # Get the underlying HttpRequest object
+ request = request._request
+ user = getattr(request, 'user', None)
+
+ # If we have a logged-in user, skip checking and let the user pass
+ if user and user.is_active:
+ token = self.model.objects.get_or_create(user=user)[0]
+
+ return (user, token)
+
auth = get_authorization_header(request).split()
if not auth or auth[0].lower() != b'token':
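Review bot: The branch added at the top of `authenticate` accepts whatever user the session middleware put on `request._request.user`, with no `Authorization` header and no CSRF check. A class that was immune to cross-site request forgery because it ignored cookies now honours an ambient browser session on unsafe methods as well. The same branch calls `self.model.objects.get_or_create(user=user)` on every such request, so a long-lived token is created (a database write, even on GET) for users who never asked for one. I would drop the branch and have browsable-API deployments list `SessionAuthentication`, which enforces CSRF, alongside `TokenAuthentication`. If the branch has to stay, it needs the same CSRF enforcement and should return `(user, None)` rather than create a credential as a side effect. The rest of `authenticate` continues outside the hunk.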