使用新数据库帮助 Django RemoteUserMiddleware RemoteUserBackend

发布于 2024-11-05 05:56:08 字数 1768 浏览 2 评论 0原文

Django 1.3 版本包括 RemoteUserMiddlewareRemoteUserBackend 类允许 Apache 进行身份验证。 请参阅 http://docs.djangoproject.com/en/dev/howto /auth-remote-user/

我有一个initial_data.json,它在执行syncdb 时创建一个超级用户。转储数据证实了这一点。

但我发现它似乎无法正确登录新创建的数据库。我收到一个 ImproperlyConfigured 异常,内容如下: Django 远程用户身份验证中间件需要安装身份验证中间件。

Edit your MIDDLEWARE_CLASSES setting to insert django.contrib.auth.middleware.AuthenticationMiddleware' before the RemoteUserMiddleware class.

回溯指向 RemoteMilddleware.process_request()

def process_request(self, request):
    # AuthenticationMiddleware is required so that request.user exists.
    if not hasattr(request, 'user'):
        raise ImproperlyConfigured(...

Apache 的 DEBUG 输出显示设置实际上按请求的顺序具有 AuthenticationMiddlewareRemoteUserMiddleware

MIDDLEWARE_CLASSES  
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.RemoteUserMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')

但未设置 request.user 属性,从而生成异常。

如果我仔细查看 django.contrib.auth.backends 和中间件的源代码, 我发现 AuthenticationMiddleware 正在注册 LazyUser 请求类。但 RemoteUserBackend 似乎没有 调用的authenticate()方法是在Users表中查找remote_user的地方。

我应该做些什么来调用 authenticate() 来创建 request.user 吗?

我可以根据需要提供更多信息。顺便说一句,这是使用 SSL。这是否有一些我没有预料到的互动?

我应该提到我正在使用 Apache2.2.14 和 mod_wsgi。

The 1.3 release of Django includes the RemoteUserMiddleware and
RemoteUserBackend classes to allow Apache to do authentication.
See http://docs.djangoproject.com/en/dev/howto/auth-remote-user/

I have an initial_data.json that creates a superuser when syncdb is performed. A dumpdata confirms it.

But I find that it doesn't seem to login properly with the newly created database. I get an ImproperlyConfigured exception that says:
The Django remote user auth middleware requires the authentication middleware to be installed.

Edit your MIDDLEWARE_CLASSES setting to insert django.contrib.auth.middleware.AuthenticationMiddleware' before the RemoteUserMiddleware class.

The traceback points to RemoteMilddleware.process_request():

def process_request(self, request):
    # AuthenticationMiddleware is required so that request.user exists.
    if not hasattr(request, 'user'):
        raise ImproperlyConfigured(...

The DEBUG output from Apache shows that settings in fact have AuthenticationMiddleware and RemoteUserMiddleware in the requested order:

MIDDLEWARE_CLASSES  
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.RemoteUserMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')

But the request.user attribute is not set, generating the exception.

If I look closer at the source code for django.contrib.auth.backends and middleware,
I find that AuthenticationMiddleware is registering LazyUser for
the request class. But RemoteUserBackend doesn't seem to have
the authenticate() method called which is where remote_user gets looked up in the Users table.

Is there something I should be doing to get authenticate() to be called in order to create request.user?

I can provide more info as needed. This is using SSL, by the way. Does that have some interaction that I didn't anticipate?

I should mention that I'm using Apache2.2.14 and mod_wsgi.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

本宫微胖 2024-11-12 05:56:09

我遇到了同样的问题,经过一些调试发现我忘记为 auth 和其他应用程序创建 mysql (我认为这与 sqllite 的情况相同)表。因此,如果没有,您需要运行 python manage.pysyncdb 或以其他方式创建它们

I had the same problem and after a little debugging figured out I forgot to create the mysql (I think it's the same case with sqllite) tables for the auth and other apps. So if you didn't you'll need to run python manage.py syncdb or create them some other way

临走之时 2024-11-12 05:56:09

这是一个丑陋的解决方法。

我创建了一个单元测试用例,它在库存开发环境中运行良好。基于此,我在 Apache 服务器上进入了上面提到的 RemoteMilddleware.process_request() 函数,并禁用了对 user 属性的测试。然后它工作得很好......

我不会选择这个作为答案,但我认为我应该为其他被阻止的人记录这个解决方法。我会考虑提交错误报告。

有人知道正确的解决方案或如何在 Apache2 中攻击这个问题吗?所有回溯和变量信息都表明 Apache 正确设置了 REMOTE_USER,但 Django1.3 没有正确使用它进行身份验证。

This is an ugly workaround.

I created a unit test case and it worked fine in the stock development environment. Based on that, I went in to the RemoteMilddleware.process_request() function mentioned above on the Apache server and disabled the test for the user attribute. It then worked fine...

I'm not going to select this as the answer, but I thought I should document this workaround for anyone else who gets blocked. I'll look into filing a bug report.

Anyone know a proper solution or how to attack this in Apache2? All the traceback and variable information suggests that Apache is setting up the REMOTE_USER correctly but that Django1.3 isn't properly using it to authenticate.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文