Opened 2 months ago

Closed 7 days ago

Last modified 7 days ago

#37019 closed Bug (fixed)

Make sync login() and logout() set request.auser if present

Reported by: Jacob Walls Owned by: Vishy
Component: contrib.auth Version: 5.0
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Analogous to #37017, we should make sync logout() clear request.auser if present. If auser is not present, I doubt login() should set it, but if it is present, it probably should be set as well.

Change History (7)

comment:1 by Vishy, 2 months ago

Owner: set to Vishy
Status: newassigned

comment:2 by Sarah Boyce, 2 months ago

Triage Stage: UnreviewedAccepted

Regression tests from the PR discussion if useful

  • tests/auth_tests/test_middleware.py

    a b  
     1from asgiref.sync import sync_to_async
     2
    13from django.conf import settings
    2 from django.contrib.auth import REDIRECT_FIELD_NAME, alogin, alogout
     4from django.contrib.auth import REDIRECT_FIELD_NAME, alogin, alogout, login, logout
    35from django.contrib.auth.middleware import (
    46    AuthenticationMiddleware,
    57    LoginRequiredMiddleware,
    class TestAuthenticationMiddleware(TestCase):  
    6870        auser_second = await self.request.auser()
    6971        self.assertEqual(auser_second, self.user2)
    7072
     73    async def test_auser_after_login(self):
     74        self.middleware(self.request)
     75        auser = await self.request.auser()
     76        self.assertEqual(auser, self.user)
     77        await sync_to_async(login)(self.request, self.user2)
     78        auser_second = await self.request.auser()
     79        self.assertEqual(auser_second, self.user2)
     80
    7181    async def test_auser_after_alogout(self):
    7282        self.middleware(self.request)
    7383        auser = await self.request.auser()
    class TestAuthenticationMiddleware(TestCase):  
    7686        auser_second = await self.request.auser()
    7787        self.assertTrue(auser_second.is_anonymous)
    7888
     89    async def test_auser_after_logout(self):
     90        self.middleware(self.request)
     91        auser = await self.request.auser()
     92        self.assertEqual(auser, self.user)
     93        await sync_to_async(logout)(self.request)
     94        auser_second = await self.request.auser()
     95        self.assertTrue(auser_second.is_anonymous)
     96

I personally think auser may need to be set as using sync_to_async should still be valid and perhaps third-party code may have sync only code assuming things will work using sync_to_async. I understand in your own project you should use alogin instead

comment:3 by Vishy, 2 months ago

Has patch: set

comment:4 by Jacob Walls, 12 days ago

Patch needs improvement: set

comment:5 by Jacob Walls, 8 days ago

Patch needs improvement: unset
Triage Stage: AcceptedReady for checkin

comment:6 by Jacob Walls <jacobtylerwalls@…>, 7 days ago

Resolution: fixed
Status: assignedclosed

In 8f84f26:

Fixed #37019 -- Updated login() and logout() to set request.auser.

comment:7 by Jacob Walls <jacobtylerwalls@…>, 7 days ago

In 13322bb:

[6.1.x] Fixed #37019 -- Updated login() and logout() to set request.auser.

Backport of 8f84f269353e242e72eea55aa58df92d87df0453 from main.

Note: See TracTickets for help on using tickets.
Back to Top