Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update GET_IS_AUTHENTICATED_PREDICATE #84

Closed
wants to merge 1 commit into from
Closed

Update GET_IS_AUTHENTICATED_PREDICATE #84

wants to merge 1 commit into from

Conversation

logston
Copy link
Collaborator

@logston logston commented Jul 27, 2022

This commit updates the default GET_IS_AUTHENTICATED_PREDICATE function
to accept a request object rather than a user object. Usages are updated
accordingly.

Closes #78

@logston logston force-pushed the logston/update-custom-authentication branch from b2bab4c to 255d091 Compare July 27, 2022 00:53
@logston logston mentioned this pull request Jul 27, 2022
Closed
andersk
andersk reviewed Jul 27, 2022
View reviewed changes
src/django_scim/middleware.py
Comment on lines -52 to 53
if not hasattr(request, 'user') or not get_is_authenticated_predicate()(request.user):
if not get_is_authenticated_predicate()(request):
if request.path.startswith(self.reverse_url):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These tests should happen in the other order, to reduce unnecessary extra work for all the other endpoints in the project.

For that matter, though, why does SCIM even need to have a middleware? I would think it’d be enough to just check authentication in a decorator used on all the SCIM endpoints. Then we wouldn’t need to slow down the rest of the project at all.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For that matter, though, why does SCIM even need to have a middleware?

This project was built under specific constraints and having a middleware fit those constraints. PR's are welcome if you'd like to speed things up.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These tests should happen in the other order, to reduce unnecessary extra work for all the other endpoints in the project.

Not sure I follow here. For the default predicate, not hasattr(request, 'user') or request.user.is_annoymous is faster than the request.path.startswith. But this is Python and web framework so we are talking microseconds compared to multiple millseconds of a request. I think clarity of code makes more sense in these situations. IMO, the failing soon for non-SCIM specific reasons makes more sense to me.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This project was built under specific constraints and having a middleware fit those constraints. PR's are welcome if you'd like to speed things up.

Okay, here’s one proposal: we could move SCIMAuthCheckMiddleware out of the global project settings and apply it directly to SCIMView.dispatch. This fixes the performance issue on non-SCIM views with minimal restructuring.

Copy link
Contributor

@andersk andersk Jul 27, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure I follow here. For the default predicate, not hasattr(request, 'user') or request.user.is_annoymous is faster than the request.path.startswith.

No, it isn’t. request.user is a lazy object. Forcing its evaluation will typically involve a round trip to a database server or at least a cache server. On some endpoints that would have happened anyway, but on others it would not.

src/django_scim/views.py Outdated Show resolved Hide resolved
src/django_scim/views.py Outdated Show resolved Hide resolved
@logston logston force-pushed the logston/update-custom-authentication branch from 255d091 to 3409849 Compare July 27, 2022 05:28
@logston
Update GET_IS_AUTHENTICATED_PREDICATE
f9c4d4a 
This commit updates the default GET_IS_AUTHENTICATED_PREDICATE function
to accept a request object rather than a user object. Usages are updated
accordingly.
@logston logston force-pushed the logston/update-custom-authentication branch from 3409849 to f9c4d4a Compare July 27, 2022 05:30
@andersk andersk mentioned this pull request Jul 27, 2022
Merged
@PIG208 PIG208 mentioned this pull request Aug 29, 2022
Closed
@logston logston closed this Nov 4, 2022
@logston logston deleted the logston/update-custom-authentication branch November 4, 2022 18:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andersk andersk andersk left review comments

@bartoszgrabski bartoszgrabski Awaiting requested review from bartoszgrabski

@powellc powellc Awaiting requested review from powellc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support SCIM views with custom authentication mechanisms
2 participants
@logston @andersk