Dec 17, 2014 · Nov 28, 2014 · Dec 11, 2014 · Dec 16, 2014 · Dec 12, 2014 · Dec 12, 2014
diff --git a/rest_framework/request.py b/rest_framework/request.py
        Sets the user on the current request. This is necessary to maintain
        compatibility with django.contrib.auth where the user property is
        set in the login and logout functions.

        Sets the user on the wrapped original request as well.
        """
        self._user = value
        self._request.user = value

    @property
    def auth(self):

            if user_auth_tuple is not None:
                self._authenticator = authenticator
                self._user, self._auth = user_auth_tuple
                self.user, self._auth = user_auth_tuple
                return

        self._not_authenticated()
        self._authenticator = None

        if api_settings.UNAUTHENTICATED_USER:
            self._user = api_settings.UNAUTHENTICATED_USER()
            self.user = api_settings.UNAUTHENTICATED_USER()
        else:
            self._user = None
            self.user = None

        if api_settings.UNAUTHENTICATED_TOKEN:
            self._auth = api_settings.UNAUTHENTICATED_TOKEN()
diff --git a/tests/test_middleware.py b/tests/test_middleware.py

 from django.conf.urls import patterns, url
 from django.contrib.auth.models import User
 from rest_framework.authentication import TokenAuthentication
 from rest_framework.authtoken.models import Token
 from rest_framework.test import APITestCase
 from rest_framework.views import APIView


 urlpatterns = patterns(
    '',
    url(r'^$', APIView.as_view(authentication_classes=(TokenAuthentication,))),
 )


 class MyMiddleware(object):

    def process_response(self, request, response):
        assert hasattr(request, 'user'), '`user` is not set on request'
        assert request.user.is_authenticated(), '`user` is not authenticated'
        return response


 class TestMiddleware(APITestCase):

    urls = 'tests.test_middleware'

    def test_middleware_can_access_user_when_processing_response(self):
        user = User.objects.create_user('john', 'john@example.com', 'password')
        key = 'abcd1234'
        Token.objects.create(key=key, user=user)

        with self.settings(
            MIDDLEWARE_CLASSES=('tests.test_middleware.MyMiddleware',)
        ):
            auth = 'Token ' + key
            self.client.get('/', HTTP_AUTHORIZATION=auth)
diff --git a/tests/test_request.py b/tests/test_request.py
    def setUp(self):
        # Pass request object through session middleware so session is
        # available to login and logout functions
        self.request = Request(factory.get('/'))
        self.wrapped_request = factory.get('/')
        self.request = Request(self.wrapped_request)
        SessionMiddleware().process_request(self.request)

        User.objects.create_user('ringo', 'starr@thebeatles.com', 'yellow')
        logout(self.request)
        self.assertTrue(self.request.user.is_anonymous())

    def test_logged_in_user_is_set_on_wrapped_request(self):
        login(self.request, self.user)
        self.assertEqual(self.wrapped_request.user, self.user)


 class TestAuthSetter(TestCase):
Original file line number	Diff line number	Diff line change
Expand Up		@@ -277,8 +277,11 @@ def user(self, value):
		Sets the user on the current request. This is necessary to maintain
		compatibility with django.contrib.auth where the user property is
		set in the login and logout functions.

		Sets the user on the wrapped original request as well.
		"""
		self._user = value
		self._request.user = value

		@property
		def auth(self):
Expand DownExpand Up		@@ -456,7 +459,7 @@ def _authenticate(self):

		if user_auth_tuple is not None:
		self._authenticator = authenticator
		self._user, self._auth = user_auth_tuple
		self.user, self._auth = user_auth_tuple
		return

		self._not_authenticated()
Expand All		@@ -471,9 +474,9 @@ def _not_authenticated(self):
		self._authenticator = None

		if api_settings.UNAUTHENTICATED_USER:
		self._user = api_settings.UNAUTHENTICATED_USER()
		self.user = api_settings.UNAUTHENTICATED_USER()
		else:
		self._user = None
		self.user = None

		if api_settings.UNAUTHENTICATED_TOKEN:
		self._auth = api_settings.UNAUTHENTICATED_TOKEN()
Expand Down
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,37 @@

		from django.conf.urls import patterns, url
		from django.contrib.auth.models import User
		from rest_framework.authentication import TokenAuthentication
		from rest_framework.authtoken.models import Token
		from rest_framework.test import APITestCase
		from rest_framework.views import APIView


		urlpatterns = patterns(
		'',
		url(r'^$', APIView.as_view(authentication_classes=(TokenAuthentication,))),
		)


		class MyMiddleware(object):

		def process_response(self, request, response):
		assert hasattr(request, 'user'), '`user` is not set on request'
		assert request.user.is_authenticated(), '`user` is not authenticated'
		return response


		class TestMiddleware(APITestCase):

		urls = 'tests.test_middleware'

		def test_middleware_can_access_user_when_processing_response(self):
		user = User.objects.create_user('john', 'john@example.com', 'password')
		key = 'abcd1234'
		Token.objects.create(key=key, user=user)

		with self.settings(
		MIDDLEWARE_CLASSES=('tests.test_middleware.MyMiddleware',)
		):
		auth = 'Token ' + key
		self.client.get('/', HTTP_AUTHORIZATION=auth)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -224,7 +224,8 @@ class TestUserSetter(TestCase):
		def setUp(self):
		# Pass request object through session middleware so session is
		# available to login and logout functions
		self.request = Request(factory.get('/'))
		self.wrapped_request = factory.get('/')
		self.request = Request(self.wrapped_request)
		SessionMiddleware().process_request(self.request)

		User.objects.create_user('ringo', 'starr@thebeatles.com', 'yellow')
Expand All		@@ -244,6 +245,10 @@ def test_user_can_logout(self):
		logout(self.request)
		self.assertTrue(self.request.user.is_anonymous())

		def test_logged_in_user_is_set_on_wrapped_request(self):
		login(self.request, self.user)
		self.assertEqual(self.wrapped_request.user, self.user)

Copy link Contributor lovelydinosaurDec 12, 2014 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. I was actually hoping for a test demonstrating the change this has against middleware. The test as it is here demonstrates the implementation, but doesn't make the motivation clear. Copy link Contributor jpadillaDec 12, 2014 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Right, perhaps write a simple Middleware that you can unittest`process_response()` and demonstrate being able to access the expected user there?

		class TestAuthSetter(TestCase):

Expand Down