id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
35555	Add additional middleware checks for django.contrib.auth	Jaap Roes	nobody	"The `django.contrib.auth.checks` module defines a [https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/checks.py#L240-L262 check_middleware] function. This function currently checks if `LoginRequiredMiddleware` is enabled, if so it checks if `AuthenticationMiddleware` is also enabled, and is placed before it.

This is nice, and something than happens at runtime for other middlewares in `contrib.auth`, for example:

[https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/middleware.py#L91-L120 RemoteUserMiddleware] raises a `ImproperlyConfigured` error if it's enabled but `AuthenticationMiddleware` isn't enabled, or is placed after it.

[https://github.com/django/django/blob/f1705c8780c0a7587654fc736542d55fe4a7f29b/django/contrib/auth/middleware.py#L27-L38 AuthenticationMiddleware] itself also raises a `ImproperlyConfigured` error if it's enabled but `SessionMiddleware` is not (or isn't executed before reaching it).

I can contribute a patch, unless there's any reason **not** to do this."	Cleanup/optimization	closed	contrib.auth	dev	Normal	wontfix	auth session middleware checks		Unreviewed	0	0	0	0	0	0