Skip to content

Improve compatibility with multiple auth methods #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Improve compatibility with multiple auth methods #55

wants to merge 2 commits into from

Conversation

tobiasge
Copy link
Contributor

When using multiple authentication methods in Django it must be possible to direct the users to a login page where they can select the needed authentication method.

@tobiasge
Improve compatibility with multiple auth methods
5d60cb3 
When using multiple authentication methods in Django it must be possible
to direct the users to a login page where they can select the needed
authentication method.
@tobiasge
Compatibility with Django LoginRequiredMiddleware
e7d1362 
Django 5.1 introduced the LoginRequiredMiddleware that automatically
requires an authenticated user on all views except those marked as
not requiring a login.
regoawt
regoawt requested changes Feb 28, 2025
View reviewed changes
Copy link
Collaborator

@regoawt regoawt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see what you're trying to do here but I just want to assure myself that this is the best way of implementing it.

azure_auth/middleware.py
@@ -29,6 +32,12 @@ def __call__(self, request: HttpRequest):

if AuthHandler(request).user_is_authenticated:
return self.get_response(request)
elif active_auth_backend != "azure_auth.auth_backends.AzureBackend":
# User is handled by another backend
return self.get_response(request)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't there be a check on self.request.user.is_authenticated before returning?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure. In our case we have a second middleware together with a second authentication backend. So each middleware is only checking the accounts that belong to it's backend. But checking self.request.user.is_authenticated here is probably equally valid.

azure_auth/decorators.py
# If the token is valid (or a new valid one can be generated)
if AuthHandler(request).user_is_authenticated:
return func(request, *args, **kwargs)
elif active_auth_backend != "azure_auth.auth_backends.AzureBackend":
# User is handled by another backend
return func(request, *args, **kwargs)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as for in the middleware - shouldn't there be a check on self.request.user.is_authenticated before returning?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@regoawt regoawt regoawt requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tobiasge @regoawt