From 90b5888fbcde0c28b9f74915716cc8212125ca22 Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Sun, 31 Mar 2013 04:06:09 +0200
Subject: [PATCH] Create new auth backend for rest_framework based on session, but without csrf.
---
 greenmine/base/auth.py | 24 ++++++++++++++++++++++++
 greenmine/settings/common.py | 10 +++++-----
 2 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 greenmine/base/auth.py
diff --git a/greenmine/base/auth.py b/greenmine/base/auth.py
new file mode 100644
index 00000000..6ca71405
--- /dev/null
+++ b/greenmine/base/auth.py
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+
+from rest_framework.authentication import BaseAuthentication
+
+
+class SessionAuthentication(BaseAuthentication):
+ """
+ Use Django's session framework for authentication without csrf.
+ """
+
+ def authenticate(self, request):
+ """
+ Returns a `User` if the request session currently has a logged in user.
+ Otherwise returns `None`.
+ """
+
+ http_request = request._request
+ user = getattr(http_request, 'user', None)
+
+ if not user or not user.is_active:
+ return None
+
+ return (user, None)
+
diff --git a/greenmine/settings/common.py b/greenmine/settings/common.py
index 5ee18652..32755125 100644
--- a/greenmine/settings/common.py
+++ b/greenmine/settings/common.py
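Review bot: `authenticate` in greenmine/base/auth.py accepts any request whose session cookie resolves to an active user and performs no CSRF validation, so state-changing API calls can be triggered cross-site using the cookie the browser attaches automatically. The REST_FRAMEWORK hunk in greenmine/settings/common.py makes this class the default for every API view, which extends the exposure to the whole API. If the client cannot send a CSRF token, a credential carried in a request header (for example `rest_framework.authentication.TokenAuthentication`) avoids the problem because browsers do not attach it on their own; otherwise keep `'rest_framework.authentication.SessionAuthentication'`. Reading `request._request` also depends on a private attribute of the DRF request wrapper, so it deserves a comment such as `# use the underlying HttpRequest; request.user would presumably re-enter authentication`.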
@@ -163,13 +163,13 @@ TEMPLATE_LOADERS = [
 MIDDLEWARE_CLASSES = [
 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.locale.LocaleMiddleware',
 'greenmine.base.middleware.GreenmineSessionMiddleware',
 'greenmine.base.middleware.CoorsMiddleware',
- 'django.middleware.locale.LocaleMiddleware',
- 'django.middleware.csrf.CsrfViewMiddleware',
+ #'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
- 'django.contrib.messages.middleware.MessageMiddleware',
- 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ #'django.contrib.messages.middleware.MessageMiddleware',
+ #'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.transaction.TransactionMiddleware',
 'reversion.middleware.RevisionMiddleware',
 ]
@@ -320,7 +320,7 @@ HAYSTACK_DEFAULT_OPERATOR = 'AND'
 REST_FRAMEWORK = {
 'DEFAULT_AUTHENTICATION_CLASSES': (
- 'rest_framework.authentication.SessionAuthentication',
+ 'greenmine.base.auth.SessionAuthentication',
 ),
 'FILTER_BACKEND': 'rest_framework.filters.DjangoFilterBackend',
 }
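Review bot: Commenting out `'django.middleware.csrf.CsrfViewMiddleware'` in MIDDLEWARE_CLASSES removes CSRF protection from every Django view in the project, not only the REST API named in the commit message, and dropping `'django.middleware.clickjacking.XFrameOptionsMiddleware'` stops the X-Frame-Options header from being sent, so pages can be framed by other sites. Both entries should stay enabled, with any exemption applied per view (for example `csrf_exempt` on the specific API views) rather than globally. The entries are also left behind as commented-out code; if a middleware really is meant to go, delete the line and give the reason in the commit message. Separately, `LocaleMiddleware` now runs before `GreenmineSessionMiddleware`, while Django expects it after the session middleware, so a language preference stored in the session would presumably no longer be honoured.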