[Update] serializer mixin继承 (#2810)

* [Update] serializer mixin继承 * [Update] 修改system user更新serialzier * [Update] 修改success message
2026-01-29 21:51:31 +00:00 · 2019-06-19 16:45:14 +08:00
parent d6165e5975
commit 10616b8d9e
20 changed files with 102 additions and 51 deletions
--- a/apps/authentication/backends/api.py
+++ b/apps/authentication/backends/api.py
@@ -147,7 +147,23 @@ class PrivateTokenAuthentication(authentication.TokenAuthentication):


 class SessionAuthentication(authentication.SessionAuthentication):
-    def enforce_csrf(self, request):
-        reason = CSRFCheck().process_view(request, None, (), {})
-        if reason:
-            raise exceptions.AuthenticationFailed(reason)
+    def authenticate(self, request):
+        """
+        Returns a `User` if the request session currently has a logged in user.
+        Otherwise returns `None`.
+        """
+
+        # Get the session-based user from the underlying HttpRequest object
+        user = getattr(request._request, 'user', None)
+
+        # Unauthenticated, CSRF validation not required
+        if not user or not user.is_active:
+            return None
+
+        try:
+            self.enforce_csrf(request)
+        except exceptions.AuthenticationFailed:
+            return None
+
+        # CSRF passed with authenticated user
+        return user, None