new style middleware

Author: dulmandakh

AUTHORS

@@ -39,3 +39,4 @@ David Smith
 Tom Evans
 Dylan Giesler
 Spencer Carroll
+Dulmandakh Sukhbaatar

CHANGELOG.md

@@ -16,6 +16,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [1.4.1]
+
+### Changed
+* #925 OAuth2TokenMiddleware converted to new style middleware, and no longer extends MiddlewareMixin.
+
 ## [1.4.0] 2021-02-08
 
 ### Added

oauth2_provider/middleware.py

@@ -1,9 +1,8 @@
 from django.contrib.auth import authenticate
 from django.utils.cache import patch_vary_headers
-from django.utils.deprecation import MiddlewareMixin
 
 
-class OAuth2TokenMiddleware(MiddlewareMixin):
+class OAuth2TokenMiddleware:
     """
     Middleware for OAuth2 user authentication
 
@@ -22,15 +21,17 @@ class OAuth2TokenMiddleware(MiddlewareMixin):
     It also adds "Authorization" to the "Vary" header, so that django's cache middleware or a
     reverse proxy can create proper cache keys.
     """
+    def __init__(self, get_response):
+        self.get_response = get_response
 
-    def process_request(self, request):
+    def __call__(self, request):
         # do something only if request contains a Bearer token
         if request.META.get("HTTP_AUTHORIZATION", "").startswith("Bearer"):
             if not hasattr(request, "user") or request.user.is_anonymous:
                 user = authenticate(request=request)
                 if user:
                     request.user = request._cached_user = user
 
-    def process_response(self, request, response):
+        response = self.get_response(request)
         patch_vary_headers(response, ("Authorization",))
         return response

tests/test_auth_backends.py

@@ -86,18 +86,20 @@ def setUp(self):
         super().setUp()
         self.anon_user = AnonymousUser()
 
-    def dummy_get_response(request):
-        return None
+    def dummy_get_response(self, request):
+        return HttpResponse()
 
     def test_middleware_wrong_headers(self):
         m = OAuth2TokenMiddleware(self.dummy_get_response)
         request = self.factory.get("/a-resource")
-        self.assertIsNone(m.process_request(request))
+        m(request)
+        self.assertFalse(hasattr(request, "user"))
         auth_headers = {
             "HTTP_AUTHORIZATION": "Beerer " + "badstring",  # a Beer token for you!
         }
         request = self.factory.get("/a-resource", **auth_headers)
-        self.assertIsNone(m.process_request(request))
+        m(request)
+        self.assertFalse(hasattr(request, "user"))
 
     def test_middleware_user_is_set(self):
         m = OAuth2TokenMiddleware(self.dummy_get_response)
@@ -106,17 +108,19 @@ def test_middleware_user_is_set(self):
         }
         request = self.factory.get("/a-resource", **auth_headers)
         request.user = self.user
-        self.assertIsNone(m.process_request(request))
+        m(request)
+        self.assertIs(request.user, self.user)
         request.user = self.anon_user
-        self.assertIsNone(m.process_request(request))
+        m(request)
+        self.assertEqual(request.user.pk, self.user.pk)
 
     def test_middleware_success(self):
         m = OAuth2TokenMiddleware(self.dummy_get_response)
         auth_headers = {
             "HTTP_AUTHORIZATION": "Bearer " + "tokstr",
         }
         request = self.factory.get("/a-resource", **auth_headers)
-        m.process_request(request)
+        m(request)
         self.assertEqual(request.user, self.user)
 
     def test_middleware_response(self):
@@ -125,17 +129,15 @@ def test_middleware_response(self):
             "HTTP_AUTHORIZATION": "Bearer " + "tokstr",
         }
         request = self.factory.get("/a-resource", **auth_headers)
-        response = HttpResponse()
-        processed = m.process_response(request, response)
-        self.assertIs(response, processed)
+        response = m(request)
+        self.assertIsInstance(response, HttpResponse)
 
     def test_middleware_response_header(self):
         m = OAuth2TokenMiddleware(self.dummy_get_response)
         auth_headers = {
             "HTTP_AUTHORIZATION": "Bearer " + "tokstr",
         }
         request = self.factory.get("/a-resource", **auth_headers)
-        response = HttpResponse()
-        m.process_response(request, response)
+        response = m(request)
         self.assertIn("Vary", response)
         self.assertIn("Authorization", response["Vary"])

tox.ini

@@ -4,7 +4,7 @@ envlist =
     docs,
     py{36,37,38,39}-dj{31,30,22},
     py35-dj{22},
-    py{36,37,38,39}-djmaster,
+    py{38,39}-djmaster,
 
 [gh-actions]
 python =
@@ -42,7 +42,7 @@ deps =
 passenv =
 	PYTEST_ADDOPTS
 
-[testenv:py{36,37,38,39}-djmaster]
+[testenv:py{38,39}-djmaster]
 ignore_errors = true
 ignore_outcome = true