[6.0.x] Fixed #37017 -- Fixed setting or clearing of request.user after alogin/alogout().

Regression in 31a43c571f4d036827d4fd7a5f615591637dc1be. Backport of a32c7075cf634aee1f4f3deecd27f194097ec0c2 from main.
author: Jacob Walls <jacobtylerwalls@gmail.com> 2026-04-01 09:36:16 -0400
committer: Jacob Walls <jacobtylerwalls@gmail.com> 2026-04-02 09:01:19 -0400
commit: a5c28dc1d7606f11adb932d0bd4dba899a028007 (patch)
tree: 50cdbb8e8c4b0d1eb4f630560216f5ecdc38c6a4 /tests/auth_tests/test_middleware.py
parent: 3436edb6966a83ac6be06dbc422df89fdc9e5653 (diff)
1 files changed, 30 insertions, 1 deletions
diff --git a/tests/auth_tests/test_middleware.py b/tests/auth_tests/test_middleware.py
index 5e106d40f7..894b49548b 100644
--- a/tests/auth_tests/test_middleware.py
+++ b/tests/auth_tests/test_middleware.py
@@ -4,7 +4,7 @@ from django.contrib.auth.middleware import (
     AuthenticationMiddleware,
     LoginRequiredMiddleware,
 )
-from django.contrib.auth.models import User
+from django.contrib.auth.models import AnonymousUser, User
 from django.core.exceptions import ImproperlyConfigured
 from django.http import HttpRequest, HttpResponse
 from django.test import TestCase, modify_settings, override_settings
@@ -77,6 +77,35 @@ class TestAuthenticationMiddleware(TestCase):
         self.assertTrue(auser_second.is_anonymous)
 
 
+class TestAsyncLoginLogoutAfterSyncMiddleware(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = User.objects.create_user(
+            "test_user", "test@example.com", "test_password"
+        )
+        cls.user2 = User.objects.create_user(
+            "test_user2", "test2@example.com", "test_password2"
+        )
+
+    def setUp(self):
+        self.middleware = AuthenticationMiddleware(lambda req: HttpResponse())
+        self.client.force_login(self.user)
+        self.request = HttpRequest()
+        self.request.session = self.client.session
+        # Populate self.request.user.
+        self.middleware(self.request)
+        # .user is lazy, so materialize it by accessing an attribute.
+        self.request.user.is_authenticated
+
+    async def test_user_after_alogin(self):
+        await alogin(self.request, self.user2)
+        self.assertEqual(self.request.user, self.user2)
+
+    async def test_user_after_alogout(self):
+        await alogout(self.request)
+        self.assertEqual(self.request.user, AnonymousUser())
+
+
 @override_settings(ROOT_URLCONF="auth_tests.urls")
 @modify_settings(
     MIDDLEWARE={"append": "django.contrib.auth.middleware.LoginRequiredMiddleware"}
author	Jacob Walls <jacobtylerwalls@gmail.com>	2026-04-01 09:36:16 -0400
committer	Jacob Walls <jacobtylerwalls@gmail.com>	2026-04-02 09:01:19 -0400
commit	a5c28dc1d7606f11adb932d0bd4dba899a028007 (patch)
tree	50cdbb8e8c4b0d1eb4f630560216f5ecdc38c6a4 /tests/auth_tests/test_middleware.py
parent	3436edb6966a83ac6be06dbc422df89fdc9e5653 (diff)