Skip to content

AAP-47499 Use get_settings to get CSRF_TRUSTED_ORIGINS in ansible_base SessionAuthentication #755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jul 8, 2025
+34 −1
Merged

AAP-47499 Use get_settings to get CSRF_TRUSTED_ORIGINS in ansible_base SessionAuthentication #755

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f900514
Add AnsibleBaseCsrfViewMiddleware and update SessionAuthentication to…
TheRealHaoLiu Jun 6, 2025
b3d6883
AAP-47499 attempt a different approach to this problem
BrennanPaciorek Jul 7, 2025
f1ade28
fix comments, move setings patch to decorator
BrennanPaciorek Jul 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions ansible_base/authentication/session.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,23 @@
from rest_framework import authentication

from ansible_base.lib.utils.settings import replace_trusted_origins


class SessionAuthentication(authentication.SessionAuthentication):
"""
This class allows us to fail with a 401 if the user is not authenticated.

Allows CSRF_TRUSTED_ORIGINS to be read dynamically using get_setting.
Reverting the value of CSRF_TRUSTED_ORIGINS afterwards.
"""

def authenticate_header(self, request):
return "Session"

@replace_trusted_origins
def enforce_csrf(self, request):
"""
Enforce CSRF validation for session based authentication using
AnsibleBaseCsrfViewMiddleware instead of Django's CsrfViewMiddleware.
"""
return super().enforce_csrf(request)
18 changes: 18 additions & 0 deletions ansible_base/lib/utils/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,24 @@ def get_function_from_setting(setting_name: str) -> Any:
return None


def replace_trusted_origins(func):
"""Decorator for patching the CSRF_TRUSTED_ORIGINS django setting using the potentially different value in get_setting for the duration of a
function call
"""

def override_setting(*args, **kwargs):
csrf_trusted_origins = settings.CSRF_TRUSTED_ORIGINS
try:
# Temporarily patch the setting
settings.CSRF_TRUSTED_ORIGINS = get_setting("CSRF_TRUSTED_ORIGINS", csrf_trusted_origins)
return func(*args, **kwargs)
finally:
# Revert setting after this is done
settings.CSRF_TRUSTED_ORIGINS = csrf_trusted_origins

return override_setting


def get_from_import(module_name, attr):
"Thin wrapper around importlib.import_module, mostly exists so that we can safely mock this in tests"
module = importlib.import_module(module_name, package=attr)
Expand Down
4 changes: 3 additions & 1 deletion test_app/tests/authentication/test_middleware.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
from django.conf import settings
from social_core.exceptions import AuthException

from ansible_base.authentication.middleware import SocialExceptionHandlerMiddleware
from ansible_base.authentication.middleware import (
SocialExceptionHandlerMiddleware,
)


def test_social_exception_handler_mw():
Expand Down