ease patching Django object behavior in another django packages


Sergey Glazyrin

Jan 10, 2018, 7:22:04 AM
to Django developers (Contributions to Django itself)
Hello guys!
I faced a situation where an auth backend needs access to the request object inside the get_user auth backend function.


I can patch it the following way (the function to be patched is django.contrib.auth.get_user):


def get_user(request):
    # ... code ...
        backend = load_backend(backend_path)
        backend.request = request  # give the backend access to the request
    # ... code ...


But I don't like this solution because I'll need to keep an eye on this monkey patch during Django upgrades, etc., and it's a very dirty hack.

Instead I propose to extend Django's behaviour using the Builder design pattern to simplify integration of other apps into Django object internals (it sounds hacky, but it's safe and simple to implement).

With the change I proposed, the patch would be done at the Django level; we need to add:

def get_user(request):
    # ... code ...
        backend = load_backend(backend_path)
        DjangoObjectBuilder.do_initialize_object(backend, request)
    # ... code ...

and in another django package we subscribe to this object initialization:


def add_request_to_backend(obj, request):
    obj.request = request
DjangoObjectBuilder.add_custom_initializer(lambda obj: isinstance(obj, openstack_auth.Backend), add_request_to_backend)



Tom Forbes

Jan 10, 2018, 8:17:50 AM
to django-d...@googlegroups.com
I think Tim’s assessment in the ticket is on point, a DjangoObjectBuilder would look very strange and out of place if included (it’s not particularly pythonic either). 

Seems like there might be a legitimate issue here (or maybe just bad designs in OpenStack?), but unless I’m misunderstanding something couldn’t you call ‘auth_user.create_user_from_token’ yourself and set it on the request object rather than monkeypatch Django?
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/5dffbda9-7239-489e-9530-564df9ab578e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Sergey Glazyrin

Jan 10, 2018, 1:00:56 PM
to Django developers (Contributions to Django itself)
Hello Tom,
Thank you for your reply.
Let me explain the situation again.

OpenStack auth doesn't use Django models at all; it uses keystoneauth authorization logic.

And this logic requires some data from the request to recognize the user.

In the default Django case, the get_user function shouldn't have access to the request because it uses a Django model to get a user, but in the case of OpenStack it's totally different.

And unfortunately I see one way: patch Django's get_user method, because we need it for the django-websocket-redis uwsgi process.


Right now the problem is that in the django-websocket-redis uwsgi process the user is always Anonymous, because OpenStack auth is not able to recognize the user due to the absence of the request in openstackauthbackend.

About my solution: well, I am happy to accept any ideas; my solution uses one of the design patterns to solve a problem. Well, the problem is simple: we have a few different packages which use one class, but for some specific case this class should have access to another object. For such purposes, there's the Builder pattern.


As I said, I am happy to accept any comments or ideas on how to solve it more properly.

Thank you again for your time.

On Wednesday, January 10, 2018 at 14:17:50 UTC+1, Tom Forbes wrote:

Sergey Glazyrin

Jan 10, 2018, 1:08:07 PM
to Django developers (Contributions to Django itself)
But the one thing I don't like is monkey patching. It's ok when you patch a whole implementation of something, for example, replace the socket implementation in gevent with the socket implementation in redis.
But when we need to patch something internally inside a function, that's bad....
So, I just want to improve the design of Django to simplify it in the future.
But again, I respect the Django developers' opinion and it's up to you :)

On Wednesday, January 10, 2018 at 19:00:56 UTC+1, Sergey Glazyrin wrote:

Sergey Glazyrin

Jan 10, 2018, 1:12:55 PM
to Django developers (Contributions to Django itself)
Btw, I see no way to use this auth_user.create_user_from_token to solve this problem.
It uses the django contrib auth get_user function, so the proper place is to use the Django auth backend logic.


On Wednesday, January 10, 2018 at 14:17:50 UTC+1, Tom Forbes wrote:
I think Tim’s assessment in the ticket is on point, a DjangoObjectBuilder would look very strange and out of place if included (it’s not particularly pythonic either). 

Tim Graham

Jan 10, 2018, 1:18:28 PM
to Django developers (Contributions to Django itself)
Without studying the openstack code much it's hard for me to say if the solution there is the best approach and that a more elegant solution doesn't exist. It looks like if we added 'request' to the signature of the authentication backend get_user() method, that would remove the need for monkey patching. We did a similar change for the authenticate() method [1], I'm not sure if there would be consensus to make the change.

Sergey Glazyrin

Jan 10, 2018, 1:24:26 PM
to Django developers (Contributions to Django itself)
Yes, that would be a consensus, but who knows the future; what if one day another Django auth backend needs the request in another method?
That's why I prefer the idea of implementing it the "Builder" design pattern way. It's a much cleaner solution, imho.

On Wednesday, January 10, 2018 at 19:18:28 UTC+1, Tim Graham wrote:

Sergey Glazyrin

Jan 10, 2018, 1:26:58 PM
to Django developers (Contributions to Django itself)
That would allow other Python packages to subscribe to specific parts of building Django objects, and that would be a very expandable solution.


On Wednesday, January 10, 2018 at 19:18:28 UTC+1, Tim Graham wrote:
Without studying the openstack code much it's hard for me to say if the solution there is the best approach and that a more elegant solution doesn't exist. It looks like if we added 'request' to the signature of the authentication backend get_user() method, that would remove the need for monkey patching. We did a similar change for the authenticate() method [1], I'm not sure if there would be consensus to make the change.

Tom Forbes

Jan 10, 2018, 1:52:06 PM
to django-d...@googlegroups.com
I would be in favour of a mechanism to help with this use case, I ran into a somewhat similar issue when using JWTs and a non-model backed user. 

Adding a user parameter seems like the easiest solution and quite simple, whereas adding a builder class into this particular section of Django seems like it would be harder to get consensus. 

You could maybe get more traction if you suggested firing a signal that is passed the auth instance as a parameter when it is initialized, which is akin to your suggestion, however IMO that's still not a great idea.


Sergey Glazyrin

Jan 10, 2018, 2:00:22 PM
to Django developers (Contributions to Django itself)
We use the load_backend function in Django about 5 times in production code, so it shouldn't be a big change.
About the signals idea: yes, I can implement it using the signals abstraction, though I prefer to be tied to the "Builder" idea. There would be no big difference between the signals and Builder implementations in this case because load_backend always returns a new instance of the class, so I expect no threading problems, etc.; it's just a way to distribute the process of building objects.
About adding request to get_user: I don't like it because then all projects dependent on Django will need to change their backends; it would be worse for the community.

On Wednesday, January 10, 2018 at 19:52:06 UTC+1, Tom Forbes wrote:

Tom Forbes

Jan 10, 2018, 2:10:46 PM
to django-d...@googlegroups.com
Django has managed this before by examining the function signature. Adding a property directly onto the instance could cause some issues, for example if there is already a user property. I guess this could be detected and a deprecation warning issued though.

Anyway, this is all academic unless there is consensus. 

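Added example (not part of the thread, and not Django's own code): one way to examine the function signature as mentioned in the message above, so that only backends whose get_user() accepts a request receive it and older backends keep working with a deprecation warning. The backend classes, FakeRequest with its token attribute, and the helper names are hypothetical.

```python
import inspect
import warnings


class LegacyBackend:
    """Constructed backend with the original get_user(user_id) signature."""

    def get_user(self, user_id):
        return {"id": user_id, "source": "legacy"}


class RequestAwareBackend:
    """Constructed backend that needs request data to resolve the user."""

    def get_user(self, user_id, request=None):
        token = getattr(request, "token", None)
        if token is None:
            return None  # no request data available: treat as anonymous
        return {"id": user_id, "source": "request", "token": token}


class FakeRequest:
    """Stand-in for HttpRequest; `token` is a hypothetical attribute."""

    def __init__(self, token):
        self.token = token


def accepts_request(func):
    """Return True if func can be called as func(user_id, request=...)."""
    try:
        inspect.signature(func).bind(1, request=None)
    except TypeError:
        return False
    return True


def call_get_user(backend, user_id, request):
    """Pass the request only to backends whose get_user() accepts it."""
    if accepts_request(backend.get_user):
        return backend.get_user(user_id, request=request)
    warnings.warn(
        "%s.get_user() does not accept a request argument"
        % type(backend).__name__,
        DeprecationWarning,
    )
    return backend.get_user(user_id)
```

Because the request is passed as a call argument rather than stored on the backend instance, this variant cannot collide with an attribute the backend already defines.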

Sergey Glazyrin

Jan 10, 2018, 2:13:06 PM
to Django developers (Contributions to Django itself)
ok, let me know if there would be any consensus and I'll change my solution according to the maintainers' consensus.

On Wednesday, January 10, 2018 at 20:10:46 UTC+1, Tom Forbes wrote:

Sergey Glazyrin

Jan 10, 2018, 3:02:41 PM
to Django developers (Contributions to Django itself)
or we can add a simple builder helper:

import warnings

def build_backend_django_object(class_, request):
    obj = class_()
    # Do not overwrite an attribute the backend already defines.
    if hasattr(obj, 'request'):
        warnings.warn('Please change your auth backend because now we pass to the instance of backend HttpRequest object')
    else:
        obj.request = request
    return obj

On Wednesday, January 10, 2018 at 20:13:06 UTC+1, Sergey Glazyrin wrote:

Sergey Glazyrin

Jan 15, 2018, 5:23:24 PM
to Django developers (Contributions to Django itself)
hello guys!
I added a new changeset to reflect what we discussed here
Please check it out.
https://github.com/django/django/compare/master...sergeyglazyrindev:master

On Wednesday, January 10, 2018 at 21:02:41 UTC+1, Sergey Glazyrin wrote: