LoginRequiredMiddleware prevents Django Rest Framework from logging in via tokens

[silpheel]

Currently, when LoginRequiredMiddleware is enabled, Django Rest Framework can no longer use tokens to authenticate, and will always return a 302 status without a chance to login. For the project I'm integrating into, I need both login and tokens to be available.

This is due to the token-based login occurring after all middleware has gone through the process_request() phase, but before the process_response() phase. LoginRequiredMiddleware expects authentication to have already happened thanks to AuthenticationMiddleware, and thus DRF never gets a chance to look at the token before we get redirected.

1. Set up a project with DjangoRestFramework
2. Set up an endpoint to protect with Django's login_required decorator
3. Set up the Token system for DRF
4. In a browser, without logging in, try to access the endpoint. Access is denied, according to configuration
5. Using Postman or any other means to call the endpoint including the AUTHORIZATION header, with value Token x where x is the appropriate token value. The endpoint is accessible thanks to authentication via token
6. Remove the login_required decorator from the endpoint
7. Set up LoginRequiredMiddleware to redirect all or some paths, including the above endpoint
8. In a browser, without logging in, try to access the endpoint. A redirect occurs, which is expected
9. Using Postman or any other means to call the endpoint including the AUTHORIZATION header, with value Token x where x is the appropriate token value. A redirect occurs, even though a valid token was provided

A PR was submitted to fix this behaviour: #79