diff --git a/keystone/server/flask/core.py b/keystone/server/flask/core.py index 36a494a9b4..02d89c5588 100644 --- a/keystone/server/flask/core.py +++ b/keystone/server/flask/core.py @@ -27,6 +27,7 @@ oslo_i18n.enable_lazy() from keystone.common import profiler import keystone.conf +import keystone.middleware import keystone.server from keystone.server.flask import application @@ -51,18 +52,23 @@ _APP_MIDDLEWARE = ( _Middleware(namespace='keystone.server_middleware', ep='http_proxy_to_wsgi', conf={}), - _Middleware(namespace='keystone.server_middleware', - ep='url_normalize', - conf={}), _Middleware(namespace='keystone.server_middleware', ep='osprofiler', conf={}), _Middleware(namespace='keystone.server_middleware', ep='request_id', conf={}), - _Middleware(namespace='keystone.server_middleware', - ep='build_auth_context', - conf={}), +) + +# NOTE(morgan): ORDER HERE IS IMPORTANT! Each of these middlewares are +# implemented/defined explicitly in Keystone Server. They do some level of +# lifting to ensure the request is properly handled. It is importat to note +# that these will be processed in the order of this list AND after all +# middleware defined in _APP_MIDDLEWARE. AuthContextMiddleware should always +# be the last element here as long as it is an actual Middleware. +_KEYSTONE_MIDDLEWARE = ( + keystone.middleware.NormalizingFilter, + keystone.middleware.AuthContextMiddleware, ) @@ -89,6 +95,7 @@ def setup_app_middleware(app): # processes the request first. MW = _APP_MIDDLEWARE + IMW = _KEYSTONE_MIDDLEWARE # Add in optional (config-based) middleware # NOTE(morgan): Each of these may need to be in a specific location @@ -99,6 +106,11 @@ def setup_app_middleware(app): ep='debug', conf={}),) + _APP_MIDDLEWARE + # Apply internal-only Middleware (e.g. AuthContextMiddleware). These + # are below all externally loaded middleware in request processing. + for mw in reversed(IMW): + app.wsgi_app = mw(app.wsgi_app) + # Apply the middleware to the application. for mw in reversed(MW): # TODO(morgan): Explore moving this to ExtensionManager, but we diff --git a/keystone/tests/unit/test_entry_points.py b/keystone/tests/unit/test_entry_points.py index 340be0b920..1da8884f13 100644 --- a/keystone/tests/unit/test_entry_points.py +++ b/keystone/tests/unit/test_entry_points.py @@ -20,12 +20,10 @@ class TestEntryPoints(test.TestCase): def test_entry_point_middleware(self): """Assert that our list of expected middleware is present.""" expected_names = [ - 'build_auth_context', 'cors', 'debug', 'request_id', 'sizelimit', - 'url_normalize', ] em = stevedore.ExtensionManager('keystone.server_middleware') diff --git a/setup.cfg b/setup.cfg index 29bb2f41b5..7dcfd0581f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -193,8 +193,5 @@ keystone.server_middleware = sizelimit = oslo_middleware:RequestBodySizeLimiter http_proxy_to_wsgi = oslo_middleware:HTTPProxyToWSGI osprofiler = osprofiler.web:WsgiMiddleware - url_normalize = keystone.middleware:NormalizingFilter request_id = oslo_middleware:RequestId - build_auth_context = keystone.middleware:AuthContextMiddleware - token_auth = keystone.middleware:TokenAuthMiddleware debug = oslo_middleware:Debug