2
2
from django.contrib.auth import load_backend
3
3
from django.contrib.auth.backends import RemoteUserBackend
4
4
from django.core.exceptions import ImproperlyConfigured
5
from django.utils.crypto import constant_time_compare
5
6
from django.utils.functional import SimpleLazyObject
14
15
class AuthenticationMiddleware(object):
15
16
def process_request(self, request):
16
assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."
17
assert hasattr(request, 'session'), (
18
"The Django authentication middleware requires session middleware "
19
"to be installed. Edit your MIDDLEWARE_CLASSES setting to insert "
20
"'django.contrib.sessions.middleware.SessionMiddleware' before "
21
"'django.contrib.auth.middleware.AuthenticationMiddleware'."
18
23
request.user = SimpleLazyObject(lambda: get_user(request))
26
class SessionAuthenticationMiddleware(object):
28
Middleware for invalidating a user's sessions that don't correspond to the
29
user's current session authentication hash (generated based on the user's
30
password for AbstractUser).
32
def process_request(self, request):
34
if user and hasattr(user, 'get_session_auth_hash'):
35
session_hash = request.session.get(auth.HASH_SESSION_KEY)
36
session_hash_verified = session_hash and constant_time_compare(
38
user.get_session_auth_hash()
40
if not session_hash_verified:
21
44
class RemoteUserMiddleware(object):
23
46
Middleware for utilizing Web-server-provided authentication.