[Django] #35555: Add additional middleware checks for django.contrib.auth

Mon, 24 Jun 2024 08:52:14 -0700 

#35555: Add additional middleware checks for django.contrib.auth
-------------------------------------+-------------------------------------
               Reporter:  Jaap Roes  |          Owner:  nobody
                   Type:             |         Status:  new
  Cleanup/optimization               |
              Component:             |        Version:  dev
  contrib.auth                       |       Keywords:  auth session
               Severity:  Normal     |  middleware checks
           Triage Stage:             |      Has patch:  0
  Unreviewed                         |
    Needs documentation:  0          |    Needs tests:  0
Patch needs improvement:  0          |  Easy pickings:  0
                  UI/UX:  0          |
-------------------------------------+-------------------------------------
 The `django.contrib.auth.checks` module defines a
 
[https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/checks.py#L240-L262
 check_middleware] function. This function currently checks if
 `LoginRequiredMiddleware` is enabled, if so it checks if
 `AuthenticationMiddleware` is also enabled, and is placed before it.

 This is nice, and something than happens at runtime for other middlewares
 in `contrib.auth`, for example:

 
[https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/middleware.py#L91-L120
 RemoveUserMiddleware] raises a `ImproperlyConfigured` error if it's
 enabled but `AuthenticationMiddleware` isn't enabled, or is placed after
 it.

 
[https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/middleware.py#L27-L38
 AuthenticationMiddleware] itself also raises a `ImproperlyConfigured`
 error if it's enabled but `SessionMiddleware` is not (or isn't executed
 before reaching it).

 I can contribute a patch, unless there's any reason **not** to do this.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/35555>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/010701904af288a6-aacc2037-1923-4933-b1fd-f6c60eb741f0-000000%40eu-central-1.amazonses.com.

Reply via email to