NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-21 11:37:21 -06:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Adapt RemoteUserMiddleware for Django 5.2

Browse Source
This commit is contained in:
Jeremy Stretch 2025-03-05 16:07:56 -05:00
parent 962d660c2c
commit 3dda4716e7
1 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
netbox/netbox/middleware.py
View File

@ -98,18 +98,23 @@ class RemoteUserMiddleware(RemoteUserMiddleware_):
""" """
Custom implementation of Django's RemoteUserMiddleware which allows for a user-configurable HTTP header name. Custom implementation of Django's RemoteUserMiddleware which allows for a user-configurable HTTP header name.
""" """
async_capable = False
force_logout_if_no_header = False force_logout_if_no_header = False
def __init__(self, get_response):
if get_response is None:
raise ValueError("get_response must be provided.")
self.get_response = get_response
@property @property
def header(self): def header(self):
return settings.REMOTE_AUTH_HEADER return settings.REMOTE_AUTH_HEADER
def process_request(self, request): def __call__(self, request):
logger = logging.getLogger( logger = logging.getLogger('netbox.authentication.RemoteUserMiddleware')
'netbox.authentication.RemoteUserMiddleware')
# Bypass middleware if remote authentication is not enabled # Bypass middleware if remote authentication is not enabled
if not settings.REMOTE_AUTH_ENABLED: if not settings.REMOTE_AUTH_ENABLED:
return return self.get_response(request)
# AuthenticationMiddleware is required so that request.user exists. # AuthenticationMiddleware is required so that request.user exists.
if not hasattr(request, 'user'): if not hasattr(request, 'user'):
raise ImproperlyConfigured( raise ImproperlyConfigured(
@ -126,13 +131,13 @@ class RemoteUserMiddleware(RemoteUserMiddleware_):
# AnonymousUser by the AuthenticationMiddleware). # AnonymousUser by the AuthenticationMiddleware).
if self.force_logout_if_no_header and request.user.is_authenticated: if self.force_logout_if_no_header and request.user.is_authenticated:
self._remove_invalid_user(request) self._remove_invalid_user(request)
return return self.get_response(request)
# If the user is already authenticated and that user is the user we are # If the user is already authenticated and that user is the user we are
# getting passed in the headers, then the correct user is already # getting passed in the headers, then the correct user is already
# persisted in the session and we don't need to continue. # persisted in the session and we don't need to continue.
if request.user.is_authenticated: if request.user.is_authenticated:
if request.user.get_username() == self.clean_username(username, request): if request.user.get_username() == self.clean_username(username, request):
return return self.get_response(request)
else: else:
# An authenticated user is associated with the request, but # An authenticated user is associated with the request, but
# it does not match the authorized user in the header. # it does not match the authorized user in the header.
@ -162,6 +167,8 @@ class RemoteUserMiddleware(RemoteUserMiddleware_):
request.user = user request.user = user
auth.login(request, user) auth.login(request, user)
return self.get_response(request)
def _get_groups(self, request): def _get_groups(self, request):
logger = logging.getLogger( logger = logging.getLogger(
'netbox.authentication.RemoteUserMiddleware') 'netbox.authentication.RemoteUserMiddleware')