Skip to content
Permalink
Browse files

Merge pull request #4452 from NyanKiyoshi/middlewares/revert

Revert dynamic middleware loading
  • Loading branch information...
maarcingebala committed Jul 12, 2019
2 parents 28227ac + bd07b29 commit 33da5754e16c89e65af31e4b646231f35880be99
Showing with 26 additions and 105 deletions.
  1. +1 −1 .isort.cfg
  2. +1 −0 CHANGELOG.md
  3. +1 −65 saleor/core/middleware.py
  4. +7 −30 saleor/graphql/middleware.py
  5. +8 −8 saleor/settings.py
  6. +8 −1 tests/test_core.py

Some generated files are not rendered by default. Learn more.

@@ -26,6 +26,7 @@ All notable, unreleased changes to this project will be documented in this file.
- Add ability to store used payment sources in gateways, first implemented in Braintree - #4195 by @salwator
- Fix various bugs across product section - #4429 by @dominik-zeglen
- Add company address configuration - #4432 by @benekex2
- Revert the custom dynamic middleware loading by #4102–in the meantime a better solution is found. - #4452 by @NyanKiyoshi

## 2.7.0

@@ -1,21 +1,8 @@
import logging
from functools import wraps
from typing import Callable

import django.contrib.auth.middleware
import django.contrib.messages.middleware
import django.contrib.sessions.middleware
import django.middleware.common
import django.middleware.csrf
import django.middleware.locale
import django.middleware.security
import django_babel.middleware
import impersonate.middleware
import social_django.middleware

from django.conf import settings
from django.contrib.sites.models import Site
from django.core.exceptions import MiddlewareNotUsed
from django.urls import reverse
from django.utils import timezone
from django.utils.functional import SimpleLazyObject
from django.utils.translation import get_language
@@ -28,57 +15,6 @@
logger = logging.getLogger(__name__)


def django_only_request_handler(get_response: Callable, handler: Callable):
api_path = reverse("api")

@wraps(handler)
def handle_request(request):
if request.path == api_path:
return get_response(request)
return handler(request)

return handle_request


def django_only_middleware(middleware):
@wraps(middleware)
def wrapped(get_response):
handler = middleware(get_response)
return django_only_request_handler(get_response, handler)

return wrapped


social_auth_exception_middleware = django_only_middleware(
social_django.middleware.SocialAuthExceptionMiddleware
)
impersonate_middleware = django_only_middleware(
impersonate.middleware.ImpersonateMiddleware
)
babel_locale_middleware = django_only_middleware(
django_babel.middleware.LocaleMiddleware
)
django_locale_middleware = django_only_middleware(
django.middleware.locale.LocaleMiddleware
)
django_messages_middleware = django_only_middleware(
django.contrib.messages.middleware.MessageMiddleware
)
django_auth_middleware = django_only_middleware(
django.contrib.auth.middleware.AuthenticationMiddleware
)
django_csrf_view_middleware = django_only_middleware(
django.middleware.csrf.CsrfViewMiddleware
)
django_security_middleware = django_only_middleware(
django.middleware.security.SecurityMiddleware
)
django_session_middleware = django_only_middleware(
django.contrib.sessions.middleware.SessionMiddleware
)


@django_only_middleware
def google_analytics(get_response):
"""Report a page view to Google Analytics."""

@@ -1,33 +1,9 @@
from functools import wraps
from typing import Callable

from django.contrib.auth.models import AnonymousUser
from django.urls import reverse
from django.shortcuts import reverse
from graphene_django.settings import graphene_settings
from graphql_jwt.middleware import JSONWebTokenMiddleware


def api_only_request_handler(get_response: Callable, handler: Callable):
@wraps(handler)
def handle_request(request):
api_path = reverse("api")
if request.path != api_path:
return get_response(request)
return handler(request)

return handle_request


def api_only_middleware(middleware):
@wraps(middleware)
def wrapped(get_response):
handler = middleware(get_response)
return api_only_request_handler(get_response, handler)

return wrapped


@api_only_middleware
def jwt_middleware(get_response):
"""Authenticate user using JSONWebTokenMiddleware
ignoring the session-based authentication.
@@ -42,12 +18,13 @@ def jwt_middleware(get_response):
graphene_settings.MIDDLEWARE.remove(JSONWebTokenMiddleware)

def middleware(request):
# clear user authenticated by AuthenticationMiddleware
request._cached_user = AnonymousUser()
request.user = AnonymousUser()
if request.path == reverse("api"):
# clear user authenticated by AuthenticationMiddleware
request._cached_user = AnonymousUser()
request.user = AnonymousUser()

# authenticate using JWT middleware
jwt_middleware_inst.process_request(request)
# authenticate using JWT middleware
jwt_middleware_inst.process_request(request)
return get_response(request)

return middleware
@@ -196,22 +196,22 @@ def get_bool_from_env(name, default_value):
SECRET_KEY = os.environ.get("SECRET_KEY")

MIDDLEWARE = [
"django.contrib.sessions.middleware.SessionMiddleware",
"django.middleware.security.SecurityMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"saleor.core.middleware.django_session_middleware",
"saleor.core.middleware.django_security_middleware",
"saleor.core.middleware.django_auth_middleware",
"saleor.core.middleware.django_messages_middleware",
"saleor.core.middleware.django_locale_middleware",
"saleor.core.middleware.babel_locale_middleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.locale.LocaleMiddleware",
"django_babel.middleware.LocaleMiddleware",
"saleor.core.middleware.discounts",
"saleor.core.middleware.google_analytics",
"saleor.core.middleware.country",
"saleor.core.middleware.currency",
"saleor.core.middleware.site",
"saleor.core.middleware.taxes",
"saleor.core.middleware.social_auth_exception_middleware",
"saleor.core.middleware.impersonate_middleware",
"social_django.middleware.SocialAuthExceptionMiddleware",
"impersonate.middleware.ImpersonateMiddleware",
"saleor.graphql.middleware.jwt_middleware",
]

@@ -6,7 +6,7 @@
import pytest
from django.shortcuts import reverse
from django.templatetags.static import static
from django.test import override_settings
from django.test import Client, override_settings
from django.urls import translate_url
from measurement.measures import Weight
from prices import Money
@@ -292,3 +292,10 @@ def test_delete_sort_order_with_null_value(menu_item):
menu_item.sort_order = None
menu_item.save(update_fields=["sort_order"])
menu_item.delete()


def test_csrf_middleware_is_enabled():
csrf_client = Client(enforce_csrf_checks=True)
checkout_url = reverse("checkout:index")
response = csrf_client.post(checkout_url)
assert response.status_code == 403

0 comments on commit 33da575

Please sign in to comment.
You can’t perform that action at this time.