Reviewed: https://review.openstack.org/614673
Committed:
https://git.openstack.org/cgit/openstack/horizon/commit/?id=0d163613265e036818fe567793a4fc88fe140d4a
Submitter: Zuul
Branch: master
commit 0d163613265e036818fe567793a4fc88fe140d4a
Author: Mathieu Gagné <mga...@calavera.ca>
Date: Wed Oct 31 22:24:31 2018 -0400
Fix django.contrib.auth.middleware monkey patching
The "request" attribute is not available in
openstack_auth.backend.KeystoneBackend.get_user when session data is
restored
and it's the first request to happen after a server restart.
As stated by the function document, the "request" attribute needs to be
monkey-patched by openstack_auth.utils.patch_middleware_get_user
for this function to work properly.
This should happen in openstack_auth.urls at import time. But there is
nowhere
in Horizon where this module is imported at startup. It's only introspected
by openstack_dashboard.urls due to AUTHENTICATION_URLS setting.
Without this monkey-patching, the whole authentication mechanism falls back
to "AnonymousUser" and you will get redirected to the login page due
to horizon.exceptions.NotAuthenticated being raised by
horizon.decorators.require_auth as request.user.is_authenticated will be
False.
But if a user requests a page under auth/, it will have the side-effect of
monkey-patching django.contrib.auth.middleware as expected. This means that
once this request is completed, all following requests to pages other than
the ones under auth/ will have there sessions properly restored and
you will be properly authenticated.
Therefore this change introduces a dummy middleware which sole purpose is
to perform this monkey-patching as early as possible.
There is also some cleanup to get rid of the previous attempts at
monkeypatching.
Closes-bug: #1764622
Change-Id: Ib9912090a87b716e7f5710f6f360b0df168ec2e3
** Changed in: horizon
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1764622
Title:
Restarting the web server causes users to get kicked out
Status in OpenStack Dashboard (Horizon):
Fix Released
Bug description:
Starting with Django 1.9 users are kicked out to the login screen
after the web server is restarted. This is especially severe when
running Horizon with a high number of processes.
However, if Horizon is running with Django 1.8.19 or older, Horizon
can be restarted with little to no impact.
Reproduced in Devstack stable/queens using the following additional
steps.
1) Configured Apache with 30 processes.
> WSGIDaemonProcess horizon user=stack group=stack processes=30 threads=1
home=/opt/stack/horizon display-name=%{GROUP}
2) Configure Horizon to use Memcached.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
},
}
3) Log in to Horizon.
4) Restarted Apache.
5) Hit F5 and you will be kicked out to the login screen. Keep hitting
F5 or clicking on pages and you will randomly be kicked out back to
the login screen.
It will keep kicking you out until all processes has been used at
least once.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1764622/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
