#35555: Add additional middleware checks for django.contrib.auth
-------------------------------------+-------------------------------------
Reporter: Jaap Roes | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: auth session | Triage Stage:
middleware checks | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Description changed by Jaap Roes:
Old description:
> The `django.contrib.auth.checks` module defines a
> [https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/checks.py#L240-L262
> check_middleware] function. This function currently checks if
> `LoginRequiredMiddleware` is enabled, if so it checks if
> `AuthenticationMiddleware` is also enabled, and is placed before it.
>
> This is nice, and something than happens at runtime for other middlewares
> in `contrib.auth`, for example:
>
> [https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/middleware.py#L91-L120
> RemoveUserMiddleware] raises a `ImproperlyConfigured` error if it's
> enabled but `AuthenticationMiddleware` isn't enabled, or is placed after
> it.
>
> [https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/middleware.py#L27-L38
> AuthenticationMiddleware] itself also raises a `ImproperlyConfigured`
> error if it's enabled but `SessionMiddleware` is not (or isn't executed
> before reaching it).
>
> I can contribute a patch, unless there's any reason **not** to do this.
New description:
The `django.contrib.auth.checks` module defines a
[https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/checks.py#L240-L262
check_middleware] function. This function currently checks if
`LoginRequiredMiddleware` is enabled, if so it checks if
`AuthenticationMiddleware` is also enabled, and is placed before it.
This is nice, and something than happens at runtime for other middlewares
in `contrib.auth`, for example:
[https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/middleware.py#L91-L120
RemoteUserMiddleware] raises a `ImproperlyConfigured` error if it's
enabled but `AuthenticationMiddleware` isn't enabled, or is placed after
it.
[https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/middleware.py#L27-L38
AuthenticationMiddleware] itself also raises a `ImproperlyConfigured`
error if it's enabled but `SessionMiddleware` is not (or isn't executed
before reaching it).
I can contribute a patch, unless there's any reason **not** to do this.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/35555#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/010701904fec6755-19796c0e-2764-48c1-b716-b92fa655c9af-000000%40eu-central-1.amazonses.com.
