summaryrefslogtreecommitdiff
path: root/tests/auth_tests/test_remote_user.py
AgeCommit message (Collapse)Author
2026-05-06Fixed #36300 -- Restored the semantic where RemoteUserMiddleware.header ↵Jacob Walls
corresponds to request.META under ASGI. Because these tests always passed both WSGI environ values and HTTP headers via `**extra`, this masked a behavior difference between WSGI and ASGI. What should happen: everything should be passed via `headers` but for the default REMOTE_USER case on WSGI, which should be passed via `**extra`. Since that was not done, a regression made it into Django 5.2 (50f89ae850f6b4e35819fe725a08c7e579bfd099) where `.header` no longer corresponded to the request.META key under ASGI. To cope, an ASGI user would have started(*) sending HTTP headers that match the `.header` attribute, which may or may not have been edited to remove the HTTP_ prefix. (Note: the default `REMOTE_USER` case did not work under ASGI, so the change in Django 5.2 had the effect of fixing the default case but changing the semantic of the custom case.) (*): Unless they were getting the sync execution path, which didn't have this bug. See the fix in 0f4fff79d33b7cc84822e66bd1fc16caf8222e3a. Thanks Mykhailo Havelia and Sarah Boyce for reviews.
2026-05-04Fixed #37079 -- Fixed specialization of header lookups in RemoteUserMiddleware.Jacob Walls
We need to switch on whether the request is a WSGI or ASGI request to know whether to prepend `HTTP_`: we cannot assume sync exceution means we are running under WSGI, as there could be other sync middleware forcing sync execution under ASGI. Thanks Mykhailo Havelia for the report.
2026-05-01Refs #35303 -- Added missing async RemoteUserMiddleware tests for custom ↵Sarah Boyce
RemoteUserBackend.
2026-05-01Refs #689 -- Made RemoteUserMiddleware ImproperlyConfigured error message ↵Sarah Boyce
handle subclasses. Co-authored-by: Arfey <Arfey17.mg@gmail.com>
2025-09-17Refs #36390 -- Removed support for RemoteUserMiddleware subclasses missing ↵Jacob Walls
aprocess_request(). Per deprecation timeline.
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-05-23Fixed #36390 -- Deprecated RemoteUserMiddleware subclasses missing ↵Sarah Boyce
aprocess_request(). Regression in 50f89ae850f6b4e35819fe725a08c7e579bfd099. Thank you to shamoon for the report and Natalia Bidart for the review.
2025-02-18Refs #36005 -- Used datetime.UTC alias instead of datetime.timezone.utc.Mariusz Felisiak
datetime.UTC was added in Python 3.11.
2024-10-07Fixed #35303 -- Implemented async auth backends and utils.Jon Janzen
2024-01-04Used enterClassContext() where appropriate.Mariusz Felisiak
2023-12-31Used addCleanup() in tests where appropriate.Mariusz Felisiak
2023-02-01Refs #33476 -- Applied Black's 2023 stable style.David Smith
Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0
2023-01-17Refs #33561 -- Made created=True required in signature of ↵Mariusz Felisiak
RemoteUserBackend.configure_user() subclasses. Per deprecation timeline.
2022-03-24Refs #32365 -- Removed internal uses of utils.timezone.utc alias.Carlton Gibson
Remaining test case ensures that uses of the alias are mapped canonically by the migration writer.
2022-03-10Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.Adrian Torres
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-08-02Refs #32956 -- Corrected usage of "insure" and "assure".David Smith
2020-02-26Fixed #28699 -- Fixed CSRF validation with remote user middleware.Colton Hicks
Ensured process_view() always accesses the CSRF token from the session or cookie, rather than the request, as rotate_token() may have been called by an authentication middleware during the process_request() phase.
2019-01-09Fixed #30037 -- Added request arg to RemoteUserBackend.configure_user().Joshua Cannon
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-17Refs #26601 -- Removed support for old-style middleware using ↵Tim Graham
settings.MIDDLEWARE_CLASSES.
2016-11-10Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.za
2016-05-17Refs #26601 -- Deprecated old-style middleware.Tim Graham
2016-05-17Fixed #26601 -- Improved middleware per DEP 0005.Florian Apolloner
Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-04-09Fixed #25847 -- Made User.is_(anonymous|authenticated) properties.Jeremy Lainé
2016-03-23Fixed #25232 -- Made ModelBackend/RemoteUserBackend reject inactive users.Alexander Gaevsky
2015-07-02Fixed #25029 -- Added PersistentRemoteUserMiddleware for login-page-only ↵Jan Pazdziora
external authentication.
2015-02-11Moved contrib.auth tests out of contrib.Tim Graham