[Django] #30237: django.contrib.admin checks for django.contrib.auth.middleware.AuthenticationMiddleware, breaking custom authentication middleware from 2.1
Django
django.contrib.auth.middleware.AuthenticationMiddleware, breaking custom
authentication middleware from 2.1
-----------------------------------------+------------------------
Reporter: Alek Ratzloff | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.admin | Version: 2.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
I am attempting an upgrade from 2.1 to 2.2b1. I have a custom middleware
in place for authentication which essentially wraps around the base
AuthenticationMiddleware and sets/unsets a cookie upon login and logout.
This was working with Django 2.1 as my authentication middleware.
Now, when I attempt to start my application, the check fails with
admin.E408:
?: (admin.E408) 'django.contrib.auth.middleware.AuthenticationMiddleware'
must be in MIDDLEWARE in order to use the admin application.
Is this a bug/regression, or have I been using the middleware incorrectly
this whole time?
--
Ticket URL: <https://code.djangoproject.com/ticket/30237>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
django.contrib.auth.middleware.AuthenticationMiddleware, breaking custom
authentication middleware from 2.1
Reporter: Alek Ratzloff | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.admin | Version: 2.2
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham):
The check is new in Django 2.2 (371ece2f0682e51f2f796854d3e091827a7cea63).
It might be possible to modify it so that it detects
`AuthenticationMiddleware` subclasses. You could also simply add that
error to your `SILENCED_SYSTEM_CHECKS` setting.
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:1>
Django
django.contrib.auth.middleware.AuthenticationMiddleware, breaking custom
authentication middleware from 2.1
Reporter: Alek Ratzloff | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.admin | Version: 2.2
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Simon Charette):
Agreed, `import_string` should be used to perform `issubclass` checks.
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:2>
Django
django.contrib.auth.middleware.AuthenticationMiddleware, breaking custom
authentication middleware from 2.1
Reporter: Alek Ratzloff | Owner: hermansc
Type: Uncategorized | Status: assigned
Component: contrib.admin | Version: 2.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by hermansc):
* owner: nobody => hermansc
* status: new => assigned
Comment:
I created a pull request with a possible solution to this issue.
Reproduced the issue and tested that the patch worked for me:
https://github.com/django/django/pull/11057
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:3>
Django
django.contrib.auth.middleware.AuthenticationMiddleware, breaking custom
authentication middleware from 2.1
Reporter: Alek Ratzloff | Owner: hermansc
Component: contrib.admin | Version: 2.2
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
Changes (by Simon Charette):
* severity: Normal => Release blocker
* needs_better_patch: 0 => 1
* needs_tests: 0 => 1
* has_patch: 0 => 1
* type: Uncategorized => Bug
* stage: Unreviewed => Accepted
Comment:
Thanks for the PR. I left a few comments for improvements on the PR.
Please uncheck ''patch needs improvement'' and ''needs tests'' once they
are addressed.
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:4>
Django
---------------------------------+------------------------------------
Reporter: Alek Ratzloff | Owner: hermansc
Type: Bug | Status: assigned
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 1
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:5>
Django
---------------------------------+------------------------------------
Type: Bug | Status: assigned
Component: contrib.admin | Version: 2.2
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Herman S):
* needs_better_patch: 1 => 0
* needs_tests: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:6>
Django
Reporter: Alek Ratzloff | Owner: Herman S
Type: Bug | Status: assigned
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Carlton Gibson):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:7>
Django
-------------------------------------+-------------------------------------
Reporter: Alek Ratzloff | Owner: Herman S
Component: contrib.admin | Version: 2.2
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"f976ab1b117574db78d884c94e549a6b8e4c9f9b" f976ab1b]:
{{{
#!CommitTicketReference repository=""
revision="f976ab1b117574db78d884c94e549a6b8e4c9f9b"
Fixed #30237 -- Made Authentication/SessionMiddleware and ModelBackend
admin checks allow subclasses.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:8>
Django
-------------------------------------+-------------------------------------
Reporter: Alek Ratzloff | Owner: Herman S
Type: Bug | Status: closed
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"d8704a4d4f6a3bc96cf26ffd1f14bf4b5c71c74d" d8704a4d]:
{{{
#!CommitTicketReference repository=""
revision="d8704a4d4f6a3bc96cf26ffd1f14bf4b5c71c74d"
[2.2.x] Fixed #30237 -- Made Authentication/SessionMiddleware and
ModelBackend admin checks allow subclasses.
Backport of f976ab1b117574db78d884c94e549a6b8e4c9f9b from master.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:9>
Django
-------------------------------------+-------------------------------------
Reporter: Alek Ratzloff | Owner: Herman S
Type: Bug | Status: closed
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tameron NGUYEN):
Replying to [comment:1 Tim Graham]:
> The check is new in Django 2.2
(371ece2f0682e51f2f796854d3e091827a7cea63). It might be possible to modify
it so that it detects `AuthenticationMiddleware` subclasses. You could
also simply add that error to your `SILENCED_SYSTEM_CHECKS` setting.
Errors: ?: (admin.E408)
'django.contrib.auth.middleware.AuthenticationMiddleware' must be in
MIDDLEWARE in order to use the admin application.
In settings.py, add
{{{
SILENCED_SYSTEM_CHECKS = [
'admin.E408',
]
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:10>
Django
-------------------------------------+-------------------------------------
Reporter: Alek Ratzloff | Owner: Herman S
Component: contrib.admin | Version: 2.2
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by batistalucash):
* status: closed => new
* resolution: fixed =>
Comment:
I am not sure this issue was solved. Should something be changed in the
settings.py file?
FYI: It started happening after a change the version of Django to the
newest one.
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:11>
Django
-------------------------------------+-------------------------------------
Reporter: Alek Ratzloff | Owner: Herman S
Component: contrib.admin | Version: 2.2
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by felixxm):
* status: new => closed
* resolution: => fixed
Comment:
batistalucash, please don't reopen fixed tickets without providing any new
information. This patch allows subclasses of `AuthenticationMiddleware`
and `SessionMiddleware`.
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:12>
Django
-------------------------------------+-------------------------------------
Reporter: Alek Ratzloff | Owner: Herman S
Type: Bug | Status: closed
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Niclas Olofsson):
Hmm, I just ran into this as well, but in our case we are using a subclass
of `SessionMiddleware`. Looking at the patch I can see that
`SessionMiddleware` is mentioned in the title, but I cannot see that the
implementation actually checks for such subclasses?
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:13>
Django
-------------------------------------+-------------------------------------
Reporter: Alek Ratzloff | Owner: Herman S
Type: Bug | Status: closed
Severity: Release blocker | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by felixxm):
Niclas, see #30312.
--
Ticket URL: <https://code.djangoproject.com/ticket/30237#comment:14>