From 45813bea16eeb3ca02015304dc50a0c4541894b3 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Mon, 21 Aug 2017 11:19:52 -0400 Subject: [PATCH] do not re-create django session on every request * The django middleware call stack behavior is changed by DRF. As a result, during the process_request in sso/middlware.py request.user is not set as you would expect it to be set from the middleware django.contrib.auth.middleware.AuthenticationMiddleware --- awx/sso/middleware.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/sso/middleware.py b/awx/sso/middleware.py index c678ff08f3..71e93725e9 100644 --- a/awx/sso/middleware.py +++ b/awx/sso/middleware.py @@ -53,7 +53,7 @@ class SocialAuthMiddleware(SocialAuthExceptionMiddleware): if not auth_token and request.user and request.user.is_authenticated(): logout(request) - elif auth_token and request.user != auth_token.user: + elif auth_token and request.user.is_anonymous is False and request.user != auth_token.user: logout(request) auth_token.user.backend = '' login(request, auth_token.user)