# HG changeset patch # User Brodie Rao # Date 1297307788 28800 # Branch releases/1.2.X # Node ID a16a219713d315962c56ddf13ee4f03fad5decf9 # Parent 61c0665bc6c15ed9db42a7ca5da2678efa551934 Fixed @cache_page not properly checking if the current request is by a logged in user diff --git a/django/middleware/cache.py b/django/middleware/cache.py --- a/django/middleware/cache.py +++ b/django/middleware/cache.py @@ -67,10 +67,22 @@ class UpdateCacheMiddleware(object): self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX self.cache_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False) + def _session_accessed(self, request): + try: + return request.session.accessed + except AttributeError: + return False + def _should_update_cache(self, request, response): if not hasattr(request, '_cache_update_cache') or not request._cache_update_cache: return False - if self.cache_anonymous_only and has_vary_header(response, 'Cookie'): + # In most situations, we shouldn't need to directly check if + # the session has been accessed; checking for Vary: Cookie is + # enough. But when the @cache_page decorator is used, this + # check is done before the Vary header is set, so we need to + # check request.session.accessed ourselves. + if self.cache_anonymous_only and (has_vary_header(response, 'Cookie') + or self._session_accessed(request)): assert hasattr(request, 'user'), "The Django cache middleware with CACHE_MIDDLEWARE_ANONYMOUS_ONLY=True requires authentication middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' before the CacheMiddleware." if request.user.is_authenticated(): # Don't cache user-variable requests from authenticated users. diff --git a/tests/regressiontests/cache/tests.py b/tests/regressiontests/cache/tests.py --- a/tests/regressiontests/cache/tests.py +++ b/tests/regressiontests/cache/tests.py @@ -10,6 +10,7 @@ import unittest import warnings from django.conf import settings +from django.contrib.auth.models import User from django.core import management from django.core.cache import get_cache from django.core.cache.backends.base import CacheKeyWarning @@ -670,6 +671,25 @@ class CacheMiddlewareAnonymousOnlyTests( response = self.client.get('/') self.failIf('Cookie' in response.get('Vary', '')) + def test_cache_middleware_anonymous_only_while_logged_in(self): + settings.CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True + + response = self.client.get('/') + self.assertEqual(response['Cache-Control'], 'max-age=600') + + User.objects.create_user(username='user', email='foo@bar.com', + password='password') + login = self.client.login(username='user', password='password') + self.assertTrue(login) + + response = self.client.get('/user') + self.failIf('Cache-Control' in response) + response = self.client.get('/user-cache-page') + self.failIf('Cache-Control' in response) + response = self.client.get('/user-vary-on-cookie-cache-page') + self.failIf('Cache-Control' in response) + response = self.client.get('/user-cache-page-vary-on-cookie') + self.failIf('Cache-Control' in response) if __name__ == '__main__': unittest.main() diff --git a/tests/regressiontests/cache/urls.py b/tests/regressiontests/cache/urls.py --- a/tests/regressiontests/cache/urls.py +++ b/tests/regressiontests/cache/urls.py @@ -2,4 +2,8 @@ from django.conf.urls.defaults import pa urlpatterns = patterns('regressiontests.cache.views', (r'^$', 'home'), + (r'^user$', 'user'), + (r'^user-cache-page$', 'user_cache_page'), + (r'^user-vary-on-cookie-cache-page$', 'user_vary_on_cookie_cache_page'), + (r'^user-cache-page-vary-on-cookie$', 'user_cache_page_vary_on_cookie'), ) diff --git a/tests/regressiontests/cache/views.py b/tests/regressiontests/cache/views.py --- a/tests/regressiontests/cache/views.py +++ b/tests/regressiontests/cache/views.py @@ -1,4 +1,13 @@ from django.http import HttpResponse +from django.views.decorators.cache import cache_page +from django.views.decorators.vary import vary_on_cookie def home(request): return HttpResponse('Hello World!') + +def user(request): + return HttpResponse(request.user.username) + +user_cache_page = cache_page(60 * 15)(user) +user_vary_on_cookie_cache_page = vary_on_cookie(user_cache_page) +user_cache_page_vary_on_cookie = cache_page(60 * 15)(vary_on_cookie(user))