Fix django.contrib.auth.middleware monkey patching

The "request" attribute is not available in
openstack_auth.backend.KeystoneBackend.get_user when session data is restored
and it's the first request to happen after a server restart.

As stated by the function document, the "request" attribute needs to be
monkey-patched by openstack_auth.utils.patch_middleware_get_user
for this function to work properly.

This should happen in openstack_auth.urls at import time. But there is nowhere
in Horizon where this module is imported at startup. It's only introspected
by openstack_dashboard.urls due to AUTHENTICATION_URLS setting.

Without this monkey-patching, the whole authentication mechanism falls back
to "AnonymousUser" and you will get redirected to the login page due
to horizon.exceptions.NotAuthenticated being raised by
horizon.decorators.require_auth as request.user.is_authenticated will be False.

But if a user requests a page under auth/, it will have the side-effect of
monkey-patching django.contrib.auth.middleware as expected. This means that
once this request is completed, all following requests to pages other than
the ones under auth/ will have there sessions properly restored and
you will be properly authenticated.

Therefore this change introduces a dummy middleware which sole purpose is
to perform this monkey-patching as early as possible.

There is also some cleanup to get rid of the previous attempts at
monkeypatching.

Closes-bug: #1764622
Change-Id: Ib9912090a87b716e7f5710f6f360b0df168ec2e3
This commit is contained in:
Mathieu Gagné 2018-10-31 22:24:31 -04:00 committed by Akihiro Motoki
parent e211eb4cda
commit 0d16361326
8 changed files with 35 additions and 12 deletions

View File

@ -60,6 +60,7 @@ INSTALLED_APPS = (
) )
MIDDLEWARE = ( MIDDLEWARE = (
'openstack_auth.middleware.OpenstackAuthMonkeyPatchMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',

View File

@ -0,0 +1,25 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from openstack_auth import utils
# NOTE: The main role of this middleware is to call this.
utils.patch_middleware_get_user()
class OpenstackAuthMonkeyPatchMiddleware(object):
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
# Do nothing actually
return self.get_response(request)

View File

@ -28,6 +28,7 @@ INSTALLED_APPS = [
] ]
MIDDLEWARE = [ MIDDLEWARE = [
'openstack_auth.middleware.OpenstackAuthMonkeyPatchMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',

View File

@ -15,13 +15,9 @@ from django.conf.urls import include
from django.conf.urls import url from django.conf.urls import url
from django.views import generic from django.views import generic
from openstack_auth import utils
from openstack_auth import views from openstack_auth import views
utils.patch_middleware_get_user()
urlpatterns = [ urlpatterns = [
url(r"", include('openstack_auth.urls')), url(r"", include('openstack_auth.urls')),
url(r"^websso/$", views.websso, name='websso'), url(r"^websso/$", views.websso, name='websso'),

View File

@ -17,8 +17,6 @@ from django.views import generic
from openstack_auth import utils from openstack_auth import utils
from openstack_auth import views from openstack_auth import views
utils.patch_middleware_get_user()
urlpatterns = [ urlpatterns = [
url(r"^login/$", views.login, name='login'), url(r"^login/$", views.login, name='login'),

View File

@ -37,8 +37,8 @@ We need the request object to get the user, so we'll slightly modify the
existing django.contrib.auth.get_user method. To do so we update the existing django.contrib.auth.get_user method. To do so we update the
auth middleware to point to our overridden method. auth middleware to point to our overridden method.
Calling the "patch_middleware_get_user" method somewhere like our urls.py Calling "patch_middleware_get_user" is done in our custom middleware at
file takes care of hooking it in appropriately. "openstack_auth.middleware" to monkeypatch the code in before it is needed.
""" """

View File

@ -110,6 +110,7 @@ OPENSTACK_IMAGE_BACKEND = {
} }
MIDDLEWARE = ( MIDDLEWARE = (
'openstack_auth.middleware.OpenstackAuthMonkeyPatchMiddleware',
'debreach.middleware.RandomCommentMiddleware', 'debreach.middleware.RandomCommentMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfViewMiddleware',

View File

@ -408,10 +408,11 @@ class BaseAdminViewTests(TestCase):
self.client.cookies[settings.SESSION_COOKIE_NAME] = store.session_key self.client.cookies[settings.SESSION_COOKIE_NAME] = store.session_key
class APITestCase(TestCase): # NOTE(adriant): APITestCase was only needed for some openstack_auth
def setUp(self): # monkeypatching. With the new monkeypatch middleware from openstack_auth this
super(APITestCase, self).setUp() # is not needed.
utils.patch_middleware_get_user() # TODO(adriant): Clean up APITestCase usage in horizon plugins.
APITestCase = TestCase
# APIMockTestCase was introduced to support mox to mock migration smoothly # APIMockTestCase was introduced to support mox to mock migration smoothly