Fix middleware to not access session fields without user auth

Change-Id: Idc2b71aa9ca08570e870ac6e356211dfbaa7a726 Fixes: bug #1211535
2013-08-15 17:13:22 -06:00 · 2013-08-15 17:13:22 -06:00 · 2364b695c2
parent 6a818a1c25
commit 2364b695c2
2 changed files with 12 additions and 0 deletions
--- a/horizon/middleware.py
+++ b/horizon/middleware.py
@ -66,6 +66,11 @@ class HorizonMiddleware(object):
                           'panel': None,
                           'async_messages': []}

+        if not hasattr(request, "user") or not request.user.is_authenticated():
+            # proceed no further if the current request is already known
+            # not to be authenticated
+            return None
+
        # If we use cookie-based sessions, check that the cookie size does not
        # reach the max size accepted by common web browsers.
        if (
--- a/openstack_dashboard/settings.py
+++ b/openstack_dashboard/settings.py
@ -251,3 +251,10 @@ COMPRESS_OFFLINE_CONTEXT = {

 if DEBUG:
    logging.basicConfig(level=logging.DEBUG)
+
+# during django reloads and an active user is logged in, the monkey
+# patch below will not otherwise be applied in time - resulting in developers
+# appearing to be logged out.  In typical production deployments this section
+# below may be ommited, though it should not be harmful
+from openstack_auth import utils as auth_utils
+auth_utils.patch_middleware_get_user()