Fix django.contrib.auth.middleware monkey patching
The "request" attribute is not available in
openstack_auth.backend.KeystoneBackend.get_user when session data is restored
and it's the first request to happen after a server restart.
As stated by the function document, the "request" attribute needs to be
monkey-patched by openstack_auth.utils.patch_middleware_get_user
for this function to work properly.
This should happen in openstack_auth.urls at import time. But there is nowhere
in Horizon where this module is imported at startup. It's only introspected
by openstack_dashboard.urls due to AUTHENTICATION_URLS setting.
Without this monkey-patching, the whole authentication mechanism falls back
to "AnonymousUser" and you will get redirected to the login page due
to horizon.exceptions.NotAuthenticated being raised by
horizon.decorators.require_auth as request.user.is_authenticated will be False.
But if a user requests a page under auth/, it will have the side-effect of
monkey-patching django.contrib.auth.middleware as expected. This means that
once this request is completed, all following requests to pages other than
the ones under auth/ will have there sessions properly restored and
you will be properly authenticated.
Therefore this change introduces a dummy middleware which sole purpose is
to perform this monkey-patching as early as possible.
There is also some cleanup to get rid of the previous attempts at
monkeypatching.
Closes-bug: #1764622
Conflicts:
openstack_dashboard/settings.py
openstack_dashboard/test/helpers.py
Change-Id: Ib9912090a87b716e7f5710f6f360b0df168ec2e3
(cherry picked from commit 0d16361326
)
This commit is contained in:
parent
ec53bbce69
commit
8851866aad
@ -60,6 +60,7 @@ INSTALLED_APPS = (
|
|||||||
)
|
)
|
||||||
|
|
||||||
MIDDLEWARE = (
|
MIDDLEWARE = (
|
||||||
|
'openstack_auth.middleware.OpenstackAuthMonkeyPatchMiddleware',
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
|
25
openstack_auth/middleware.py
Normal file
25
openstack_auth/middleware.py
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from openstack_auth import utils
|
||||||
|
|
||||||
|
# NOTE: The main role of this middleware is to call this.
|
||||||
|
utils.patch_middleware_get_user()
|
||||||
|
|
||||||
|
|
||||||
|
class OpenstackAuthMonkeyPatchMiddleware(object):
|
||||||
|
def __init__(self, get_response):
|
||||||
|
self.get_response = get_response
|
||||||
|
|
||||||
|
def __call__(self, request):
|
||||||
|
# Do nothing actually
|
||||||
|
return self.get_response(request)
|
@ -28,6 +28,7 @@ INSTALLED_APPS = [
|
|||||||
]
|
]
|
||||||
|
|
||||||
MIDDLEWARE = [
|
MIDDLEWARE = [
|
||||||
|
'openstack_auth.middleware.OpenstackAuthMonkeyPatchMiddleware',
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
|
@ -15,13 +15,9 @@ from django.conf.urls import include
|
|||||||
from django.conf.urls import url
|
from django.conf.urls import url
|
||||||
from django.views import generic
|
from django.views import generic
|
||||||
|
|
||||||
from openstack_auth import utils
|
|
||||||
from openstack_auth import views
|
from openstack_auth import views
|
||||||
|
|
||||||
|
|
||||||
utils.patch_middleware_get_user()
|
|
||||||
|
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
url(r"", include('openstack_auth.urls')),
|
url(r"", include('openstack_auth.urls')),
|
||||||
url(r"^websso/$", views.websso, name='websso'),
|
url(r"^websso/$", views.websso, name='websso'),
|
||||||
|
@ -16,8 +16,6 @@ from django.conf.urls import url
|
|||||||
from openstack_auth import utils
|
from openstack_auth import utils
|
||||||
from openstack_auth import views
|
from openstack_auth import views
|
||||||
|
|
||||||
utils.patch_middleware_get_user()
|
|
||||||
|
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
url(r"^login/$", views.login, name='login'),
|
url(r"^login/$", views.login, name='login'),
|
||||||
|
@ -37,8 +37,8 @@ We need the request object to get the user, so we'll slightly modify the
|
|||||||
existing django.contrib.auth.get_user method. To do so we update the
|
existing django.contrib.auth.get_user method. To do so we update the
|
||||||
auth middleware to point to our overridden method.
|
auth middleware to point to our overridden method.
|
||||||
|
|
||||||
Calling the "patch_middleware_get_user" method somewhere like our urls.py
|
Calling "patch_middleware_get_user" is done in our custom middleware at
|
||||||
file takes care of hooking it in appropriately.
|
"openstack_auth.middleware" to monkeypatch the code in before it is needed.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
@ -110,6 +110,7 @@ OPENSTACK_IMAGE_BACKEND = {
|
|||||||
}
|
}
|
||||||
|
|
||||||
MIDDLEWARE = (
|
MIDDLEWARE = (
|
||||||
|
'openstack_auth.middleware.OpenstackAuthMonkeyPatchMiddleware',
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
|
@ -496,7 +496,6 @@ class APITestCase(TestCase):
|
|||||||
LOG.warning("APITestCase has been deprecated in favor of mock usage "
|
LOG.warning("APITestCase has been deprecated in favor of mock usage "
|
||||||
"and will be removed at the beginning of 'Stein' release. "
|
"and will be removed at the beginning of 'Stein' release. "
|
||||||
"Please convert your to use APIMockTestCase instead.")
|
"Please convert your to use APIMockTestCase instead.")
|
||||||
utils.patch_middleware_get_user()
|
|
||||||
|
|
||||||
def fake_keystoneclient(request, admin=False):
|
def fake_keystoneclient(request, admin=False):
|
||||||
"""Returns the stub keystoneclient.
|
"""Returns the stub keystoneclient.
|
||||||
@ -616,11 +615,10 @@ class APITestCase(TestCase):
|
|||||||
return self.swiftclient
|
return self.swiftclient
|
||||||
|
|
||||||
|
|
||||||
class APIMockTestCase(TestCase):
|
# NOTE(adriant): APIMockTestCase was only needed for some openstack_auth
|
||||||
|
# monkeypatching. With the new monkeypatch middleware from openstack_auth this
|
||||||
def setUp(self):
|
# is not needed. This class is used by horizon plugins, so we cannot drop it.
|
||||||
super(APIMockTestCase, self).setUp()
|
APIMockTestCase = TestCase
|
||||||
utils.patch_middleware_get_user()
|
|
||||||
|
|
||||||
|
|
||||||
# Need this to test both Glance API V1 and V2 versions
|
# Need this to test both Glance API V1 and V2 versions
|
||||||
|
Loading…
Reference in New Issue
Block a user