Fix middleware to not access session fields without user auth
Change-Id: Idc2b71aa9ca08570e870ac6e356211dfbaa7a726 Fixes: bug #1211535
This commit is contained in:
parent
6a818a1c25
commit
2364b695c2
|
@ -66,6 +66,11 @@ class HorizonMiddleware(object):
|
|||
'panel': None,
|
||||
'async_messages': []}
|
||||
|
||||
if not hasattr(request, "user") or not request.user.is_authenticated():
|
||||
# proceed no further if the current request is already known
|
||||
# not to be authenticated
|
||||
return None
|
||||
|
||||
# If we use cookie-based sessions, check that the cookie size does not
|
||||
# reach the max size accepted by common web browsers.
|
||||
if (
|
||||
|
|
|
@ -251,3 +251,10 @@ COMPRESS_OFFLINE_CONTEXT = {
|
|||
|
||||
if DEBUG:
|
||||
logging.basicConfig(level=logging.DEBUG)
|
||||
|
||||
# during django reloads and an active user is logged in, the monkey
|
||||
# patch below will not otherwise be applied in time - resulting in developers
|
||||
# appearing to be logged out. In typical production deployments this section
|
||||
# below may be ommited, though it should not be harmful
|
||||
from openstack_auth import utils as auth_utils
|
||||
auth_utils.patch_middleware_get_user()
|
||||
|
|
Loading…
Reference in New Issue