Merge pull request #4452 from NyanKiyoshi/middlewares/revert

Revert dynamic middleware loading
saleor · Jul 12, 2019 · 33da575 · 33da575
2 parents 28227ac + bd07b29
commit 33da575
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 105 deletions.
diff --git a/.isort.cfg b/.isort.cfg
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -26,6 +26,7 @@ All notable, unreleased changes to this project will be documented in this file.
 - Add ability to store used payment sources in gateways, first implemented in Braintree - #4195 by @salwator
 - Fix various bugs across product section - #4429 by @dominik-zeglen
 - Add company address configuration - #4432 by @benekex2
+- Revert the custom dynamic middleware loading by #4102–in the meantime a better solution is found. - #4452 by @NyanKiyoshi
 
 ## 2.7.0
 

diff --git a/saleor/core/middleware.py b/saleor/core/middleware.py
@@ -1,21 +1,8 @@
 import logging
-from functools import wraps
-from typing import Callable
-
-import django.contrib.auth.middleware
-import django.contrib.messages.middleware
-import django.contrib.sessions.middleware
-import django.middleware.common
-import django.middleware.csrf
-import django.middleware.locale
-import django.middleware.security
-import django_babel.middleware
-import impersonate.middleware
-import social_django.middleware
+
 from django.conf import settings
 from django.contrib.sites.models import Site
 from django.core.exceptions import MiddlewareNotUsed
-from django.urls import reverse
 from django.utils import timezone
 from django.utils.functional import SimpleLazyObject
 from django.utils.translation import get_language
@@ -28,57 +15,6 @@
 logger = logging.getLogger(__name__)
 
 
-def django_only_request_handler(get_response: Callable, handler: Callable):
-    api_path = reverse("api")
-
-    @wraps(handler)
-    def handle_request(request):
-        if request.path == api_path:
-            return get_response(request)
-        return handler(request)
-
-    return handle_request
-
-
-def django_only_middleware(middleware):
-    @wraps(middleware)
-    def wrapped(get_response):
-        handler = middleware(get_response)
-        return django_only_request_handler(get_response, handler)
-
-    return wrapped
-
-
-social_auth_exception_middleware = django_only_middleware(
-    social_django.middleware.SocialAuthExceptionMiddleware
-)
-impersonate_middleware = django_only_middleware(
-    impersonate.middleware.ImpersonateMiddleware
-)
-babel_locale_middleware = django_only_middleware(
-    django_babel.middleware.LocaleMiddleware
-)
-django_locale_middleware = django_only_middleware(
-    django.middleware.locale.LocaleMiddleware
-)
-django_messages_middleware = django_only_middleware(
-    django.contrib.messages.middleware.MessageMiddleware
-)
-django_auth_middleware = django_only_middleware(
-    django.contrib.auth.middleware.AuthenticationMiddleware
-)
-django_csrf_view_middleware = django_only_middleware(
-    django.middleware.csrf.CsrfViewMiddleware
-)
-django_security_middleware = django_only_middleware(
-    django.middleware.security.SecurityMiddleware
-)
-django_session_middleware = django_only_middleware(
-    django.contrib.sessions.middleware.SessionMiddleware
-)
-
-
-@django_only_middleware
 def google_analytics(get_response):
     """Report a page view to Google Analytics."""
 

diff --git a/saleor/graphql/middleware.py b/saleor/graphql/middleware.py
@@ -1,33 +1,9 @@
-from functools import wraps
-from typing import Callable
-
 from django.contrib.auth.models import AnonymousUser
-from django.urls import reverse
+from django.shortcuts import reverse
 from graphene_django.settings import graphene_settings
 from graphql_jwt.middleware import JSONWebTokenMiddleware
 
 
-def api_only_request_handler(get_response: Callable, handler: Callable):
-    @wraps(handler)
-    def handle_request(request):
-        api_path = reverse("api")
-        if request.path != api_path:
-            return get_response(request)
-        return handler(request)
-
-    return handle_request
-
-
-def api_only_middleware(middleware):
-    @wraps(middleware)
-    def wrapped(get_response):
-        handler = middleware(get_response)
-        return api_only_request_handler(get_response, handler)
-
-    return wrapped
-
-
-@api_only_middleware
 def jwt_middleware(get_response):
     """Authenticate user using JSONWebTokenMiddleware
     ignoring the session-based authentication.
@@ -42,12 +18,13 @@ def jwt_middleware(get_response):
     graphene_settings.MIDDLEWARE.remove(JSONWebTokenMiddleware)
 
     def middleware(request):
-        # clear user authenticated by AuthenticationMiddleware
-        request._cached_user = AnonymousUser()
-        request.user = AnonymousUser()
+        if request.path == reverse("api"):
+            # clear user authenticated by AuthenticationMiddleware
+            request._cached_user = AnonymousUser()
+            request.user = AnonymousUser()
 
-        # authenticate using JWT middleware
-        jwt_middleware_inst.process_request(request)
+            # authenticate using JWT middleware
+            jwt_middleware_inst.process_request(request)
         return get_response(request)
 
     return middleware
diff --git a/saleor/settings.py b/saleor/settings.py
@@ -196,22 +196,22 @@ def get_bool_from_env(name, default_value):
 SECRET_KEY = os.environ.get("SECRET_KEY")
 
 MIDDLEWARE = [
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.security.SecurityMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
-    "saleor.core.middleware.django_session_middleware",
-    "saleor.core.middleware.django_security_middleware",
-    "saleor.core.middleware.django_auth_middleware",
-    "saleor.core.middleware.django_messages_middleware",
-    "saleor.core.middleware.django_locale_middleware",
-    "saleor.core.middleware.babel_locale_middleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "django.middleware.locale.LocaleMiddleware",
+    "django_babel.middleware.LocaleMiddleware",
     "saleor.core.middleware.discounts",
     "saleor.core.middleware.google_analytics",
     "saleor.core.middleware.country",
     "saleor.core.middleware.currency",
     "saleor.core.middleware.site",
     "saleor.core.middleware.taxes",
-    "saleor.core.middleware.social_auth_exception_middleware",
-    "saleor.core.middleware.impersonate_middleware",
+    "social_django.middleware.SocialAuthExceptionMiddleware",
+    "impersonate.middleware.ImpersonateMiddleware",
     "saleor.graphql.middleware.jwt_middleware",
 ]
 

diff --git a/tests/test_core.py b/tests/test_core.py
@@ -6,7 +6,7 @@
 import pytest
 from django.shortcuts import reverse
 from django.templatetags.static import static
-from django.test import override_settings
+from django.test import Client, override_settings
 from django.urls import translate_url
 from measurement.measures import Weight
 from prices import Money
@@ -292,3 +292,10 @@ def test_delete_sort_order_with_null_value(menu_item):
     menu_item.sort_order = None
     menu_item.save(update_fields=["sort_order"])
     menu_item.delete()
+
+
+def test_csrf_middleware_is_enabled():
+    csrf_client = Client(enforce_csrf_checks=True)
+    checkout_url = reverse("checkout:index")
+    response = csrf_client.post(checkout_url)
+    assert response.status_code == 403