~ubuntu-branches/debian/sid/python-django/sid


Viewing changes to django/contrib/auth/middleware.py

  • Committer: Package Import Robot
  • Author(s): Raphaël Hertzog
  • Date: 2014-09-17 14:15:11 UTC
  • mfrom: (1.3.17) (6.2.18 experimental)
  • Revision ID: package-import@ubuntu.com-20140917141511-icneokthe9ww5sk4
Tags: 1.7-2
* Release to unstable.
* Add a migrate-south sample script to help users apply their South
  migrations. Thanks to Brian May.

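--- a/django/contrib/auth/middleware.py
+++ b/django/contrib/auth/middleware.py
@@ -2,6 +2,7 @@
 from django.contrib.auth import load_backend
 from django.contrib.auth.backends import RemoteUserBackend
 from django.core.exceptions import ImproperlyConfigured
+from django.utils.crypto import constant_time_compare
 from django.utils.functional import SimpleLazyObject
 
 
@@ -13,11 +14,33 @@
 
 class AuthenticationMiddleware(object):
     def process_request(self, request):
-        assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."
-
+        assert hasattr(request, 'session'), (
+            "The Django authentication middleware requires session middleware "
+            "to be installed. Edit your MIDDLEWARE_CLASSES setting to insert "
+            "'django.contrib.sessions.middleware.SessionMiddleware' before "
+            "'django.contrib.auth.middleware.AuthenticationMiddleware'."
+        )
         request.user = SimpleLazyObject(lambda: get_user(request))
 
 
+class SessionAuthenticationMiddleware(object):
+    """
+    Middleware for invalidating a user's sessions that don't correspond to the
+    user's current session authentication hash (generated based on the user's
+    password for AbstractUser).
+    """
+    def process_request(self, request):
+        user = request.user
+        if user and hasattr(user, 'get_session_auth_hash'):
+            session_hash = request.session.get(auth.HASH_SESSION_KEY)
+            session_hash_verified = session_hash and constant_time_compare(
+                session_hash,
+                user.get_session_auth_hash()
+            )
+            if not session_hash_verified:
+                auth.logout(request)
+
+
 class RemoteUserMiddleware(object):
     """
     Middleware for utilizing Web-server-provided authentication.
@@ -95,7 +118,7 @@
         """
         try:
             stored_backend = load_backend(request.session.get(auth.BACKEND_SESSION_KEY, ''))
-        except ImproperlyConfigured:
+        except ImportError:
             # backend failed to load
             auth.logout(request)
         else: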
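Review bot: The new `SessionAuthenticationMiddleware.process_request` reads `request.user` and `request.session` with no ordering guard, unlike `AuthenticationMiddleware.process_request` directly above it, so a misordered MIDDLEWARE_CLASSES surfaces as a bare AttributeError instead of a configuration error. A check that also survives `python -O` would be `if not hasattr(request, 'user'): raise ImproperlyConfigured("SessionAuthenticationMiddleware must be listed after AuthenticationMiddleware.")`, using the `ImproperlyConfigured` import that is still present at the top of the file. The method also fails closed when the session holds no stored hash, because `session_hash and constant_time_compare(...)` is then falsy and `auth.logout(request)` runs. That is the safe default, but it ends any session that lacks the hash, so it deserves a comment such as `# A missing hash counts as unverified: log out rather than trust the session.`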