#30237 closed Bug (fixed)
admin check for AuthenticationMiddleware should allow subclasses
Reported by: | Alek Ratzloff | Owned by: | Herman S |
---|---|---|---|
Component: | contrib.admin | Version: | 2.2 |
Severity: | Release blocker | Keywords: | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I am attempting an upgrade from 2.1 to 2.2b1. I have a custom middleware in place for authentication which essentially wraps around the base AuthenticationMiddleware and sets/unsets a cookie upon login and logout. This was working with Django 2.1 as my authentication middleware.
Now, when I attempt to start my application, the check fails with admin.E408:
?: (admin.E408) 'django.contrib.auth.middleware.AuthenticationMiddleware' must be in MIDDLEWARE in order to use the admin application.
Is this a bug/regression, or have I been using the middleware incorrectly this whole time?
Change History (14)
follow-up: 10 comment:1 by , 6 years ago
comment:3 by , 6 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
I created a pull request with a possible solution to this issue. Reproduced the issue and tested that the patch worked for me: https://github.com/django/django/pull/11057
comment:4 by , 6 years ago
Has patch: | set |
---|---|
Needs tests: | set |
Patch needs improvement: | set |
Severity: | Normal → Release blocker |
Triage Stage: | Unreviewed → Accepted |
Type: | Uncategorized → Bug |
Thanks for the PR. I left a few comments for improvements on the PR. Please uncheck patch needs improvement and needs tests once they are addressed.
comment:5 by , 6 years ago
Summary: | django.contrib.admin checks for django.contrib.auth.middleware.AuthenticationMiddleware, breaking custom authentication middleware from 2.1 → admin check for AuthenticationMiddleware should allow subclasses |
---|
comment:6 by , 6 years ago
Needs tests: | unset |
---|---|
Patch needs improvement: | unset |
comment:7 by , 6 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
comment:10 by , 6 years ago
Replying to Tim Graham:
The check is new in Django 2.2 (371ece2f0682e51f2f796854d3e091827a7cea63). It might be possible to modify it so that it detects
AuthenticationMiddleware
subclasses. You could also simply add that error to yourSILENCED_SYSTEM_CHECKS
setting.
Errors: ?: (admin.E408) 'django.contrib.auth.middleware.AuthenticationMiddleware' must be in MIDDLEWARE in order to use the admin application.
In settings.py, add
SILENCED_SYSTEM_CHECKS = [ 'admin.E408', ]
comment:11 by , 5 years ago
Resolution: | fixed |
---|---|
Status: | closed → new |
I am not sure this issue was solved. Should something be changed in the settings.py file?
FYI: It started happening after a change the version of Django to the newest one.
comment:12 by , 5 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
batistalucash, please don't reopen fixed tickets without providing any new information. This patch allows subclasses of AuthenticationMiddleware
and SessionMiddleware
.
comment:13 by , 5 years ago
Hmm, I just ran into this as well, but in our case we are using a subclass of SessionMiddleware
. Looking at the patch I can see that SessionMiddleware
is mentioned in the title, but I cannot see that the implementation actually checks for such subclasses?
The check is new in Django 2.2 (371ece2f0682e51f2f796854d3e091827a7cea63). It might be possible to modify it so that it detects
AuthenticationMiddleware
subclasses. You could also simply add that error to yourSILENCED_SYSTEM_CHECKS
setting.