zenwalker
2/11/2018 - 5:15 PM

auth.py

from rest_framework.authentication import BaseAuthentication


class SessionAuthenticationWithoutCsrf(BaseAuthentication):
    def authenticate(self, request):
        request = request._request
        user = getattr(request, 'user', None)

        if not user or not user.is_active:
            return None

        return (user, None)