0d16361326
The "request" attribute is not available in openstack_auth.backend.KeystoneBackend.get_user when session data is restored and it's the first request to happen after a server restart. As stated by the function document, the "request" attribute needs to be monkey-patched by openstack_auth.utils.patch_middleware_get_user for this function to work properly. This should happen in openstack_auth.urls at import time. But there is nowhere in Horizon where this module is imported at startup. It's only introspected by openstack_dashboard.urls due to AUTHENTICATION_URLS setting. Without this monkey-patching, the whole authentication mechanism falls back to "AnonymousUser" and you will get redirected to the login page due to horizon.exceptions.NotAuthenticated being raised by horizon.decorators.require_auth as request.user.is_authenticated will be False. But if a user requests a page under auth/, it will have the side-effect of monkey-patching django.contrib.auth.middleware as expected. This means that once this request is completed, all following requests to pages other than the ones under auth/ will have there sessions properly restored and you will be properly authenticated. Therefore this change introduces a dummy middleware which sole purpose is to perform this monkey-patching as early as possible. There is also some cleanup to get rid of the previous attempts at monkeypatching. Closes-bug: #1764622 Change-Id: Ib9912090a87b716e7f5710f6f360b0df168ec2e3
40 lines
1.3 KiB
Python
40 lines
1.3 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from django.conf.urls import url
|
|
from django.views import generic
|
|
|
|
from openstack_auth import utils
|
|
from openstack_auth import views
|
|
|
|
|
|
urlpatterns = [
|
|
url(r"^login/$", views.login, name='login'),
|
|
url(r"^logout/$", views.logout, name='logout'),
|
|
url(r'^switch/(?P<tenant_id>[^/]+)/$', views.switch,
|
|
name='switch_tenants'),
|
|
url(r'^switch_services_region/(?P<region_name>[^/]+)/$',
|
|
views.switch_region,
|
|
name='switch_services_region'),
|
|
url(r'^switch_keystone_provider/(?P<keystone_provider>[^/]+)/$',
|
|
views.switch_keystone_provider,
|
|
name='switch_keystone_provider')
|
|
]
|
|
|
|
if utils.is_websso_enabled():
|
|
urlpatterns += [
|
|
url(r"^websso/$", views.websso, name='websso'),
|
|
url(r"^error/$",
|
|
generic.TemplateView.as_view(template_name="403.html"))
|
|
]
|