I developed a simple AuthBackendHook, and it seemed to work fine. However, occasionally Reviewboard return a 403 Unauthorized. I don't see any calls to my hook when this happens.
To try to root cause, I copied ldap.py to extension.py, changed the class name, id, and name parameters, and added the Extension boilerplate. Otherwise I changed nothing else, and I still get 403 response.
Specifically, I see:
[
2023-11-14 22:53:53 +0000] [13] [DEBUG] GET /reviewboard/api/review-requests/15/draft/
Unauthorized: /reviewboard/api/review-requests/15/draft/
2023-11-14 22:53:53,880 - WARNING - None - AnonymousUser - /reviewboard/api/review-requests/15/draft/ - django.request - Unauthorized: /reviewboard/api/review-requests/15/draft/
When it is working (or if I'm using the real LDAP module) the equivalent response is:
[2023-11-14 22:53:46 +0000] [11] [DEBUG] GET /reviewboard/api/review-requests/15/draft/
Not Found: /reviewboard/api/review-requests/15/draft/
2023-11-14 22:53:46,408 - WARNING - None - username - /reviewboard/api/review-requests/15/draft/ - django.request - Not Found: /reviewboard/api/review-requests/15/draft/
I don't see any difference in the logs otherwise, and when I instrumented the module, I didn't see any calls to get_or_create_user() or authenticate() (the only 2 calls I implemented)
I've found it is easiest to trigger by going back and forth between the summary and diff on a review, but we've triggered it just navigating around as well.