Fix django.contrib.auth.middleware monkey patching

The "request" attribute is not available in openstack_auth.backend.KeystoneBackend.get_user when session data is restored and it's the first request to happen after a server restart. As stated by the function document, the "request" attribute needs to be monkey-patched by openstack_auth.utils.patch_middleware_get_user for this function to work properly. This should happen in openstack_auth.urls at import time. But there is nowhere in Horizon where this module is imported at startup. It's only introspected by openstack_dashboard.urls due to AUTHENTICATION_URLS setting. Without this monkey-patching, the whole authentication mechanism falls back to "AnonymousUser" and you will get redirected to the login page due to horizon.exceptions.NotAuthenticated being raised by horizon.decorators.require_auth as request.user.is_authenticated will be False. But if a user requests a page under auth/, it will have the side-effect of monkey-patching django.contrib.auth.middleware as expected. This means that once this request is completed, all following requests to pages other than the ones under auth/ will have there sessions properly restored and you will be properly authenticated. Therefore this change introduces a dummy middleware which sole purpose is to perform this monkey-patching as early as possible. There is also some cleanup to get rid of the previous attempts at monkeypatching. Closes-bug: #1764622 Change-Id: Ib9912090a87b716e7f5710f6f360b0df168ec2e3
2018-10-31 22:24:31 -04:00 · 2018-10-31 22:24:31 -04:00 · 0d16361326
parent e211eb4cda
commit 0d16361326
8 changed files with 35 additions and 12 deletions
--- a/horizon/test/settings.py
+++ b/horizon/test/settings.py
@ -60,6 +60,7 @@ INSTALLED_APPS = (
 )

 MIDDLEWARE = (
+    'openstack_auth.middleware.OpenstackAuthMonkeyPatchMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
--- a/openstack_auth/middleware.py
+++ b/openstack_auth/middleware.py
@ -0,0 +1,25 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from openstack_auth import utils
+
+# NOTE: The main role of this middleware is to call this.
+utils.patch_middleware_get_user()
+
+
+class OpenstackAuthMonkeyPatchMiddleware(object):
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        # Do nothing actually
+        return self.get_response(request)
--- a/openstack_auth/tests/settings.py
+++ b/openstack_auth/tests/settings.py
@ -28,6 +28,7 @@ INSTALLED_APPS = [
 ]

 MIDDLEWARE = [
+    'openstack_auth.middleware.OpenstackAuthMonkeyPatchMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
--- a/openstack_auth/tests/urls.py
+++ b/openstack_auth/tests/urls.py
@ -15,13 +15,9 @@ from django.conf.urls import include
 from django.conf.urls import url
 from django.views import generic

-from openstack_auth import utils
 from openstack_auth import views


-utils.patch_middleware_get_user()
-
-
 urlpatterns = [
    url(r"", include('openstack_auth.urls')),
    url(r"^websso/$", views.websso, name='websso'),
--- a/openstack_auth/urls.py
+++ b/openstack_auth/urls.py
@ -17,8 +17,6 @@ from django.views import generic
 from openstack_auth import utils
 from openstack_auth import views

-utils.patch_middleware_get_user()
-

 urlpatterns = [
    url(r"^login/$", views.login, name='login'),
--- a/openstack_auth/utils.py
+++ b/openstack_auth/utils.py
@ -37,8 +37,8 @@ We need the request object to get the user, so we'll slightly modify the
 existing django.contrib.auth.get_user method. To do so we update the
 auth middleware to point to our overridden method.

-Calling the "patch_middleware_get_user" method somewhere like our urls.py
-file takes care of hooking it in appropriately.
+Calling "patch_middleware_get_user" is done in our custom middleware at
+"openstack_auth.middleware" to monkeypatch the code in before it is needed.
 """


--- a/openstack_dashboard/settings.py
+++ b/openstack_dashboard/settings.py
@ -110,6 +110,7 @@ OPENSTACK_IMAGE_BACKEND = {
 }

 MIDDLEWARE = (
+    'openstack_auth.middleware.OpenstackAuthMonkeyPatchMiddleware',
    'debreach.middleware.RandomCommentMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
--- a/openstack_dashboard/test/helpers.py
+++ b/openstack_dashboard/test/helpers.py
@ -408,10 +408,11 @@ class BaseAdminViewTests(TestCase):
        self.client.cookies[settings.SESSION_COOKIE_NAME] = store.session_key


-class APITestCase(TestCase):
-    def setUp(self):
-        super(APITestCase, self).setUp()
-        utils.patch_middleware_get_user()
+# NOTE(adriant): APITestCase was only needed for some openstack_auth
+# monkeypatching. With the new monkeypatch middleware from openstack_auth this
+# is not needed.
+# TODO(adriant): Clean up APITestCase usage in horizon plugins.
+APITestCase = TestCase


 # APIMockTestCase was introduced to support mox to mock migration smoothly