Merge pull request #3516 from ajgon/fix/http-remote-user-api

Fix: KeyError error on unauthenticated API calls
2025-04-02 13:45:10 -05:00 · 2023-06-03 09:05:50 -07:00 · 2023-06-03 09:05:50 -07:00 · 569165371c
commit 569165371c
parent 3a2a20cefd ea14fa5251
3 changed files with 33 additions and 14 deletions
--- a/src/paperless/auth.py
+++ b/src/paperless/auth.py
@ -1,6 +1,6 @@
 from django.conf import settings
 from django.contrib import auth
-from django.contrib.auth.middleware import RemoteUserMiddleware
+from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
 from django.contrib.auth.models import User
 from django.utils.deprecation import MiddlewareMixin
 from rest_framework import authentication
@ -37,7 +37,7 @@ class AngularApiAuthenticationOverride(authentication.BaseAuthentication):
            return None


-class HttpRemoteUserMiddleware(RemoteUserMiddleware):
+class HttpRemoteUserMiddleware(PersistentRemoteUserMiddleware):
    """This class allows authentication via HTTP_REMOTE_USER which is set for
    example by certain SSO applications.
    """
--- a/src/paperless/signals.py
+++ b/src/paperless/signals.py
@ -12,22 +12,21 @@ def handle_failed_login(sender, credentials, request, **kwargs):
    client_ip, _ = ipware.get_client_ip(
        meta=request.META,
    )
+    username = credentials.get("username")
+    log_output = (
+        "No authentication provided"
+        if username is None
+        else f"Login failed for user `{username}`"
+    )

    if client_ip is None:
-        logger.info(
-            f"Login failed for user `{credentials['username']}`."
-            " Unable to determine IP address.",
-        )
+        log_output += ". Unable to determine IP address."
    else:
        if client_ip.is_global:
            # We got the client's IP address
-            logger.info(
-                f"Login failed for user `{credentials['username']}`"
-                f" from IP `{client_ip}.`",
-            )
+            log_output += f" from IP `{client_ip}.`"
        else:
            # The client's IP address is private
-            logger.info(
-                f"Login failed for user `{credentials['username']}`"
-                f" from private IP `{client_ip}.`",
-            )
+            log_output += f" from private IP `{client_ip}.`"
+
+    logger.info(log_output)
--- a/src/paperless/tests/test_signals.py
+++ b/src/paperless/tests/test_signals.py
@ -12,6 +12,26 @@ class TestFailedLoginLogging(TestCase):
            "username": "john lennon",
        }

+    def test_unauthenticated(self):
+        """
+        GIVEN:
+            - Request with no authentication provided
+        WHEN:
+            - Request provided to signal handler
+        THEN:
+            - Unable to determine logged for unauthenticated user
+        """
+        request = HttpRequest()
+        request.META = {}
+        with self.assertLogs("paperless.auth") as logs:
+            handle_failed_login(None, {}, request)
+            self.assertEqual(
+                logs.output,
+                [
+                    "INFO:paperless.auth:No authentication provided. Unable to determine IP address.",
+                ],
+            )
+
    def test_none(self):
        """
        GIVEN: