From 6c6eb6ffd079b77959df58dc80889455be428e75 Mon Sep 17 00:00:00 2001 From: Anthony Eden Date: Wed, 22 May 2019 18:11:54 +1000 Subject: [PATCH] In _record_object_deleted(), don't assert on SAML2 login deletions. Previously, the call to r.session.flush() in django-saml2-auth plugin raised this assertion, as the request session doesn't exist at this point in the flow. --- netbox/extras/middleware.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/netbox/extras/middleware.py b/netbox/extras/middleware.py index 38dde6275..5382d9983 100644 --- a/netbox/extras/middleware.py +++ b/netbox/extras/middleware.py @@ -31,7 +31,9 @@ def _record_object_deleted(request, instance, **kwargs): # Force resolution of request.user in case it's still a SimpleLazyObject. This seems to happen # occasionally during tests, but haven't been able to determine why. - assert request.user.is_authenticated + # Note: We exclude SAML2 login flow deletions, as the call to request.session.flush() throws this assertion + if request.path_info != '/saml2_auth/acs/': + assert request.user.is_authenticated # Record that the object was deleted if hasattr(instance, 'log_change'):