Help with Django RemoteUserMiddleware RemoteUserBackend with fresh database_问答_开发者

Help with Django RemoteUserMiddleware RemoteUserBackend with fresh database

开发者 https://www.devze.com 2023-03-02 20:55 出处：网络

The 1.3 release of Django includes the RemoteUserMiddleware and RemoteUserBackend classes to allow Apache to do authentication.

The 1.3 release of Django includes the RemoteUserMiddleware and RemoteUserBackend classes to allow Apache to do authentication. See http://docs.djangoproject.com/en/dev/howto/auth-remote-user/

I have an initial_data.json that creates a superuser when syncdb is performed. A dumpdata confirms it.

But I find that it doesn't seem to login properly with the newly created database. I get an ImproperlyConfigured exception that says: The Django remote user auth middleware requires the authentication middleware to be installed.

Edit your MIDDLEWARE_CLASSES setting to insert django.contrib.auth.middleware.AuthenticationMiddleware' before the RemoteUserMiddleware class.

The traceback points to RemoteMilddleware.process_request():

def process_request(self, request):
    # AuthenticationMiddleware is required so that request.user exists.
    if not hasattr(request, 'user'):
        raise ImproperlyConfigured(...

The DEBUG output from Apache shows that settings in fact have AuthenticationMiddleware and RemoteUserMiddleware in the requested order:

MIDDLEWARE_CLASSES  
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.RemoteUserMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')

But the request.user attribute is not set, generating the exception.

If I look closer at the source code for django.contrib.auth.backends and middleware, I find that AuthenticationMiddleware is registering LazyUser for the request class. But RemoteUserBackend doesn't seem to have the authenticate() method called which is where remote_user gets looked up in the Users table.

Is there something I should be doing to get authenticate() to be called in order to create request.user?

I can provide more info开发者_StackOverflow as needed. This is using SSL, by the way. Does that have some interaction that I didn't anticipate?

I should mention that I'm using Apache2.2.14 and mod_wsgi.

I had the same problem and after a little debugging figured out I forgot to create the mysql (I think it's the same case with sqllite) tables for the auth and other apps. So if you didn't you'll need to run python manage.py syncdb or create them some other way

This is an ugly workaround.

I created a unit test case and it worked fine in the stock development environment. Based on that, I went in to the RemoteMilddleware.process_request() function mentioned above on the Apache server and disabled the test for the user attribute. It then worked fine...

I'm not going to select this as the answer, but I thought I should document this workaround for anyone else who gets blocked. I'll look into filing a bug report.

Anyone know a proper solution or how to attack this in Apache2? All the traceback and variable information suggests that Apache is setting up the REMOTE_USER correctly but that Django1.3 isn't properly using it to authenticate.