Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#30237 closed Bug (fixed)

admin check for AuthenticationMiddleware should allow subclasses

Reported by: Alek Ratzloff Owned by: Herman S
Component: contrib.admin Version: 2.2
Severity: Release blocker Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I am attempting an upgrade from 2.1 to 2.2b1. I have a custom middleware in place for authentication which essentially wraps around the base AuthenticationMiddleware and sets/unsets a cookie upon login and logout. This was working with Django 2.1 as my authentication middleware.

Now, when I attempt to start my application, the check fails with admin.E408:

?: (admin.E408) 'django.contrib.auth.middleware.AuthenticationMiddleware' must be in MIDDLEWARE in order to use the admin application.

Is this a bug/regression, or have I been using the middleware incorrectly this whole time?

Change History (14)

comment:1 by Tim Graham, 6 years ago

The check is new in Django 2.2 (371ece2f0682e51f2f796854d3e091827a7cea63). It might be possible to modify it so that it detects AuthenticationMiddleware subclasses. You could also simply add that error to your SILENCED_SYSTEM_CHECKS setting.

comment:2 by Simon Charette, 6 years ago

Agreed, import_string should be used to perform issubclass checks.

comment:3 by Herman S, 6 years ago

Owner: changed from nobody to Herman S
Status: newassigned

I created a pull request with a possible solution to this issue. Reproduced the issue and tested that the patch worked for me: https://github.com/django/django/pull/11057

comment:4 by Simon Charette, 6 years ago

Has patch: set
Needs tests: set
Patch needs improvement: set
Severity: NormalRelease blocker
Triage Stage: UnreviewedAccepted
Type: UncategorizedBug

Thanks for the PR. I left a few comments for improvements on the PR. Please uncheck patch needs improvement and needs tests once they are addressed.

comment:5 by Tim Graham, 6 years ago

Summary: django.contrib.admin checks for django.contrib.auth.middleware.AuthenticationMiddleware, breaking custom authentication middleware from 2.1admin check for AuthenticationMiddleware should allow subclasses

comment:6 by Herman S, 6 years ago

Needs tests: unset
Patch needs improvement: unset

comment:7 by Carlton Gibson, 6 years ago

Triage Stage: AcceptedReady for checkin

comment:8 by Tim Graham <timograham@…>, 6 years ago

Resolution: fixed
Status: assignedclosed

In f976ab1b:

Fixed #30237 -- Made Authentication/SessionMiddleware and ModelBackend admin checks allow subclasses.

comment:9 by Tim Graham <timograham@…>, 6 years ago

In d8704a4d:

[2.2.x] Fixed #30237 -- Made Authentication/SessionMiddleware and ModelBackend admin checks allow subclasses.

Backport of f976ab1b117574db78d884c94e549a6b8e4c9f9b from master.

in reply to:  1 comment:10 by Tameron NGUYEN, 6 years ago

Replying to Tim Graham:

The check is new in Django 2.2 (371ece2f0682e51f2f796854d3e091827a7cea63). It might be possible to modify it so that it detects AuthenticationMiddleware subclasses. You could also simply add that error to your SILENCED_SYSTEM_CHECKS setting.

Errors: ?: (admin.E408) 'django.contrib.auth.middleware.AuthenticationMiddleware' must be in MIDDLEWARE in order to use the admin application.
In settings.py, add

SILENCED_SYSTEM_CHECKS = [
    'admin.E408',
]

comment:11 by batistalucash, 5 years ago

Resolution: fixed
Status: closednew

I am not sure this issue was solved. Should something be changed in the settings.py file?

FYI: It started happening after a change the version of Django to the newest one.

comment:12 by Mariusz Felisiak, 5 years ago

Resolution: fixed
Status: newclosed

batistalucash, please don't reopen fixed tickets without providing any new information. This patch allows subclasses of AuthenticationMiddleware and SessionMiddleware.

comment:13 by Niclas Olofsson, 5 years ago

Hmm, I just ran into this as well, but in our case we are using a subclass of SessionMiddleware. Looking at the patch I can see that SessionMiddleware is mentioned in the title, but I cannot see that the implementation actually checks for such subclasses?

comment:14 by Mariusz Felisiak, 5 years ago

Niclas, see #30312.

Note: See TracTickets for help on using tickets.
Back to Top