summaryrefslogtreecommitdiff
path: root/django/contrib/auth/middleware.py
AgeCommit message (Collapse)Author
2026-01-31Refs #34118 -- Removed asgiref coroutine detection shims.Jacob Walls
As Python 3.12 is now the floor, we can drop the shims and use the `inspect` module.
2025-09-17Refs #36390 -- Removed support for RemoteUserMiddleware subclasses missing ↵Jacob Walls
aprocess_request(). Per deprecation timeline.
2025-09-11Fixed #36603 -- Optimized check order in LoginRequiredMiddleware.Adam Johnson
2025-07-23Removed double spaces after periods and within phrases.Sarah Boyce
2025-05-23Fixed #36390 -- Deprecated RemoteUserMiddleware subclasses missing ↵Sarah Boyce
aprocess_request(). Regression in 50f89ae850f6b4e35819fe725a08c7e579bfd099. Thank you to shamoon for the report and Natalia Bidart for the review.
2024-12-18Fixed #36002 -- Referred to request.Meta key in ↵Anders Einar Hilden
Persistent/RemoteUserMiddleware comments. Changed the docstrings and code comments to better reflect where the default value comes from (an environment variable, not request header).
2024-10-07Fixed #35303 -- Implemented async auth backends and utils.Jon Janzen
2024-05-29Fixed 35467 -- Replaced urlparse with urlsplit where appropriate.Jake Howard
This work should not generate any change of functionality, and `urlsplit` is approximately 6x faster. Most use cases of `urlparse` didn't touch the path, so they can be converted to `urlsplit` without any issue. Most of those which do use `.path`, simply parse the URL, mutate the querystring, then put them back together, which is also fine (so long as urlunsplit is used).
2024-05-22Fixed #31405 -- Added LoginRequiredMiddleware.Hisham Mahmood
Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2023-06-27Fixed #34391 -- Added async-compatible interface to auth functions and ↵Jon Janzen
related methods test clients.
2023-03-07Fixed #31920 -- Made AuthenticationMiddleware add request.auser().Jon Janzen
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-07-29Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵David Smith
appropriate.
2021-03-11Refs #32508 -- Raised ImproperlyConfigured instead of using "assert" in ↵Hasan Ramezani
middlewares.
2019-11-13Fixed #30941 -- Reverted "Simplified AuthenticationMiddleware a bit."Mariusz Felisiak
This reverts commit 2f010795e690550c8c6f56b3924c0f629cacb33b.
2019-10-29Simplified AuthenticationMiddleware a bit.Sergey Fedoseev
SimpleLazyObject already caches value in _wrapped.
2019-10-23Refs #26601 -- Removed obsolete workarounds for MIDDLEWARE_CLASSES setting.Sergey Fedoseev
2017-09-07Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."Tim Graham
This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better.
2017-06-28Fixed #27818 -- Replaced try/except/pass with contextlib.suppress().Mads Jensen
2017-02-04Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257.Anton Samarchyan
2017-01-17Refs #23957 -- Removed the useless SessionAuthenticationMiddleware.Tim Graham
2016-09-12Fixed #25187 -- Made request available in authentication backends.Aleksej Manaev
2016-05-17Fixed #26601 -- Improved middleware per DEP 0005.Florian Apolloner
Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-04-09Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.Jeremy Lainé
2015-09-23Refs #23957 -- Required session verification per deprecation timeline.Tim Graham
2015-07-02Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only ↵Jan Pazdziora
external authentication.
2014-12-03Fixed #23939 -- Moved session verification out of ↵Tim Graham
SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review.
2014-08-20Fixed #23066 -- Modified RemoteUserMiddleware to logout on REMOTE_USER change.Preston Holmes
This is a security fix. Disclosure following shortly.
2014-04-05Fixed #21649 -- Added optional invalidation of sessions when user password ↵Tim Graham
changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews.
2014-03-31Fixed #22362 -- Improved AuthenticationMiddleware assertion message.Tim Graham
Thanks Keryn Knight.
2014-02-08Fixed #21674 -- Deprecated the import_by_path() function in favor of ↵Berker Peksag
import_string(). Thanks Aymeric Augustin for the suggestion and review.
2013-09-06Fixed a number of flake8 errors -- particularly around unused imports and ↵Alex Gaynor
local variables
2012-10-29Fixed #17869 - force logout when REMOTE_USER header disappearsPreston Holmes
If the current sessions user was logged in via a remote user backend log out the user if REMOTE_USER header not available - otherwise leave it to other auth middleware to install the AnonymousUser. Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
2012-10-13Fixed #19077, #19079 -- Made USERNAME_FIELD a required field, and modified ↵Russell Keith-Magee
UserAdmin to match.
2011-06-06Removed an unnecessary importLuke Plant
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16332 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-31Cleaned up how ``request.user`` is set, this is a follow up to [16297]. ↵Alex Gaynor
Thanks for the review Luke. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16305 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-30Fixed #15929 - test.client.RequestFactory keeps state/AuthMiddleware does ↵Luke Plant
monkey patching Thanks to m.vantellingen for the report and tests, and to aaugustin for work on the tests. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16297 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09Fixed #11509 -- Modified usage of "Web" to match our style guide in various ↵Russell Keith-Magee
documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-15Fixed #689 -- Added a middleware and authentication backend to contrib.auth ↵Gary Wilson Jr
for supporting external authentication solutions. Thanks to all who contributed to this patch, including Ian Holsman, garthk, Koen Biermans, Marc Fargas, ekarulf, and Ramiro Morales. git-svn-id: http://code.djangoproject.com/svn/django/trunk@10063 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-12Fixed #2702 -- Fixed LazyUser to store cache as attribute of request, not ↵Adrian Holovaty
class. Thanks for the patch, jkocherhans git-svn-id: http://code.djangoproject.com/svn/django/trunk@3754 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-28Merged multi-auth branch to trunk. See the authentication docs for the ↵Jacob Kaplan-Moss
ramifications of this change. Many, many thanks to Joseph Kocherhans for the hard work! git-svn-id: http://code.djangoproject.com/svn/django/trunk@3226 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-08Fixed #2109 -- Convert old-style classes to new-style classes throughout ↵Adrian Holovaty
Django. Thanks, Nicola Larosa git-svn-id: http://code.djangoproject.com/svn/django/trunk@3113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly ↵Adrian Holovaty
backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions. git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37