In _record_object_deleted(), don't assert on SAML2 login deletions.

Previously, the call to r.session.flush() in django-saml2-auth plugin raised this assertion, as the request session doesn't exist at this point in the flow.
2025-08-16 12:38:17 -06:00 · 2019-05-22 18:11:54 +10:00 · 2019-05-22 18:11:54 +10:00 · 6c6eb6ffd0
commit 6c6eb6ffd0
parent 04419e8eaa
1 changed files with 3 additions and 1 deletions
--- a/netbox/extras/middleware.py
+++ b/netbox/extras/middleware.py
@ -31,7 +31,9 @@ def _record_object_deleted(request, instance, **kwargs):

    # Force resolution of request.user in case it's still a SimpleLazyObject. This seems to happen
    # occasionally during tests, but haven't been able to determine why.
-    assert request.user.is_authenticated
+    # Note: We exclude SAML2 login flow deletions, as the call to request.session.flush() throws this assertion
+    if request.path_info != '/saml2_auth/acs/':
+        assert request.user.is_authenticated

    # Record that the object was deleted
    if hasattr(instance, 'log_change'):