#30237 closed Bug (fixed)
admin check for AuthenticationMiddleware should allow subclasses
| Reported by: | Alek Ratzloff | Owned by: | Herman S |
|---|---|---|---|
| Component: | contrib.admin | Version: | 2.2 |
| Severity: | Release blocker | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I am attempting an upgrade from 2.1 to 2.2b1. I have a custom middleware in place for authentication which essentially wraps around the base AuthenticationMiddleware and sets/unsets a cookie upon login and logout. This was working with Django 2.1 as my authentication middleware.
Now, when I attempt to start my application, the check fails with admin.E408:
?: (admin.E408) 'django.contrib.auth.middleware.AuthenticationMiddleware' must be in MIDDLEWARE in order to use the admin application.
Is this a bug/regression, or have I been using the middleware incorrectly this whole time?
Change History (14)
follow-up: 10 comment:1 by , 5 years ago
comment:3 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
I created a pull request with a possible solution to this issue. Reproduced the issue and tested that the patch worked for me: https://github.com/django/django/pull/11057
comment:4 by , 5 years ago
| Has patch: | set |
|---|---|
| Needs tests: | set |
| Patch needs improvement: | set |
| Severity: | Normal → Release blocker |
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Bug |
Thanks for the PR. I left a few comments for improvements on the PR. Please uncheck patch needs improvement and needs tests once they are addressed.
comment:5 by , 5 years ago
| Summary: | django.contrib.admin checks for django.contrib.auth.middleware.AuthenticationMiddleware, breaking custom authentication middleware from 2.1 → admin check for AuthenticationMiddleware should allow subclasses |
|---|
comment:6 by , 5 years ago
| Needs tests: | unset |
|---|---|
| Patch needs improvement: | unset |
comment:7 by , 5 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
comment:10 by , 5 years ago
Replying to Tim Graham:
The check is new in Django 2.2 (371ece2f0682e51f2f796854d3e091827a7cea63). It might be possible to modify it so that it detects
AuthenticationMiddlewaresubclasses. You could also simply add that error to yourSILENCED_SYSTEM_CHECKSsetting.
Errors: ?: (admin.E408) 'django.contrib.auth.middleware.AuthenticationMiddleware' must be in MIDDLEWARE in order to use the admin application.
In settings.py, add
SILENCED_SYSTEM_CHECKS = [
'admin.E408',
]
comment:11 by , 4 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → new |
I am not sure this issue was solved. Should something be changed in the settings.py file?
FYI: It started happening after a change the version of Django to the newest one.
comment:12 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
batistalucash, please don't reopen fixed tickets without providing any new information. This patch allows subclasses of AuthenticationMiddleware and SessionMiddleware.
comment:13 by , 4 years ago
Hmm, I just ran into this as well, but in our case we are using a subclass of SessionMiddleware. Looking at the patch I can see that SessionMiddleware is mentioned in the title, but I cannot see that the implementation actually checks for such subclasses?
The check is new in Django 2.2 (371ece2f0682e51f2f796854d3e091827a7cea63). It might be possible to modify it so that it detects
AuthenticationMiddlewaresubclasses. You could also simply add that error to yourSILENCED_SYSTEM_CHECKSsetting.