Monkey patching get_user to remove the session authentication introduced in 1.7 and made required in 1.10. After a year we can remove this monkey patching as all users would have logged in by now, recycling their session.

2025-04-13 09:42:01 +00:00 · 2020-07-02 17:50:21 -04:00 · 2020-07-02 17:50:21 -04:00 · cc50e3ce10
commit cc50e3ce10
parent f95c47c313
4 changed files with 41 additions and 0 deletions
--- a/apps/notifications/models.py
+++ b/apps/notifications/models.py
@ -37,6 +37,7 @@ class MUserNotificationTokens(mongo.Document):
        'collection': 'notification_tokens',
        'indexes': [{'fields': ['user_id'], 
                     'unique': True,
+                     'types': False,
                    }],
        'allow_inheritance': False,
    }
@ -69,6 +70,7 @@ class MUserFeedNotification(mongo.Document):
        'indexes': ['feed_id',
                    {'fields': ['user_id', 'feed_id'], 
                     'unique': True,
+                     'types': False,
                    }],
        'allow_inheritance': False,
    }
--- a/apps/profile/models.py
+++ b/apps/profile/models.py
@ -1190,6 +1190,7 @@ class MEmailUnsubscribe(mongo.Document):
        'indexes': ['user_id', 
                    {'fields': ['user_id', 'email_type'], 
                     'unique': True,
+                     'types': False,
                    }],
    }
    
--- a/apps/rss_feeds/models.py
+++ b/apps/rss_feeds/models.py
@ -2407,6 +2407,7 @@ class MStory(mongo.Document):
        'indexes': [('story_feed_id', '-story_date'),
                    {'fields': ['story_hash'], 
                     'unique': True,
+                     'types': False,
                    }],
        'ordering': ['-story_date'],
        'allow_inheritance': False,
@ -3104,6 +3105,7 @@ class MSavedSearch(mongo.Document):
        'indexes': ['user_id',
                    {'fields': ['user_id', 'feed_id', 'query'], 
                     'unique': True,
+                     'types': False,
                    }],
        'ordering': ['query'],
        'allow_inheritance': False,
--- a/newsblur/settings.py
+++ b/newsblur/settings.py
@ -762,3 +762,39 @@ if BACKED_BY_AWS.get('pages_on_s3') or BACKED_BY_AWS.get('icons_on_s3'):
    #     S3_ICONS_BUCKET = S3_CONN.get_bucket(S3_ICONS_BUCKET_NAME)

 django.http.request.host_validation_re = re.compile(r"^([a-z0-9.-_\-]+|\[[a-f0-9]*:[a-f0-9:]+\])(:\d+)?$")
+
+
+from django.contrib import auth
+
+def monkey_patched_get_user(request):
+    """
+    Return the user model instance associated with the given request session.
+    If no user is retrieved, return an instance of `AnonymousUser`.
+    """
+    from django.contrib.auth.models import AnonymousUser
+    user = None
+    try:
+        user_id = auth._get_user_session_key(request)
+        backend_path = request.session[auth.BACKEND_SESSION_KEY]
+    except KeyError:
+        pass
+    else:
+        if backend_path in AUTHENTICATION_BACKENDS:
+            backend = auth.load_backend(backend_path)
+            user = backend.get_user(user_id)
+            session_hash = request.session.get(auth.HASH_SESSION_KEY)
+            logging.debug(request, " ---> Ignoring session hash: %s vs %s" % (user.get_session_auth_hash(), session_hash))
+            # # Verify the session
+            # if hasattr(user, 'get_session_auth_hash'):
+            #     session_hash = request.session.get(HASH_SESSION_KEY)
+            #     session_hash_verified = session_hash and constant_time_compare(
+            #         session_hash,
+            #         user.get_session_auth_hash()
+            #     )
+            #     if not session_hash_verified:
+            #         request.session.flush()
+            #         user = None
+
+    return user or AnonymousUser()
+
+auth.get_user = monkey_patched_get_user