Commit 969217d4 authored by Carl Meyer's avatar Carl Meyer
Browse files

Fixed #15260 -- Ensured that CACHE_MIDDLEWARE_ANONYMOUS_ONLY is effective with... 

Fixed #15260 -- Ensured that CACHE_MIDDLEWARE_ANONYMOUS_ONLY is effective with the cache_page decorator, not only the middleware. Thanks to brodie for report and draft patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15559 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent ed7a3078

django/middleware/cache.py

+11 −2
Original line number Diff line number Diff line
@@ -50,7 +50,7 @@ More details about how the caching works: 


from django.conf import settings

from django.core.cache import get_cache, DEFAULT_CACHE_ALIAS

from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age, has_vary_header

from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age





class UpdateCacheMiddleware(object):
@@ -69,10 +69,19 @@ class UpdateCacheMiddleware(object): 
        self.cache_alias = settings.CACHE_MIDDLEWARE_ALIAS

        self.cache = get_cache(self.cache_alias)



    def _session_accessed(self, request):

        try:

            return request.session.accessed

        except AttributeError:

            return False



    def _should_update_cache(self, request, response):

        if not hasattr(request, '_cache_update_cache') or not request._cache_update_cache:

            return False

        if self.cache_anonymous_only and has_vary_header(response, 'Cookie'):

        # If the session has not been accessed otherwise, we don't want to

        # cause it to be accessed here. If it hasn't been accessed, then the

        # user's logged-in status has not affected the response anyway.

        if self.cache_anonymous_only and self._session_accessed(request):

            assert hasattr(request, 'user'), "The Django cache middleware with CACHE_MIDDLEWARE_ANONYMOUS_ONLY=True requires authentication middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' before the CacheMiddleware."

            if request.user.is_authenticated():

                # Don't cache user-variable requests from authenticated users.

tests/regressiontests/cache/tests.py

+22 −0
Original line number Diff line number Diff line
@@ -1256,6 +1256,28 @@ class CacheMiddlewareTest(unittest.TestCase): 


        self.assertEqual(request.session.accessed, False)



    def test_cache_middleware_anonymous_only_with_cache_page(self):

        """CACHE_MIDDLEWARE_ANONYMOUS_ONLY should still be effective when used

        with the cache_page decorator: the response to a request from an

        authenticated user should not be cached."""

        settings.CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True



        request = self.factory.get('/view_anon/')



        class MockAuthenticatedUser(object):

            def is_authenticated(self):

                return True



        class MockAccessedSession(object):

            accessed = True



        request.user = MockAuthenticatedUser()

        request.session = MockAccessedSession()



        response = cache_page(hello_world_view)(request, '1')



        self.assertFalse("Cache-Control" in response)



    def test_view_decorator(self):

        # decorate the same view with different cache decorators

        default_view = cache_page(hello_world_view)

tests/regressiontests/cache/urls.py

deleted100644 → 0
+0 −5
Original line number Diff line number Diff line 
from django.conf.urls.defaults import patterns



urlpatterns = patterns('regressiontests.cache.views',

    (r'^$', 'home'),

)

tests/regressiontests/cache/views.py

deleted100644 → 0
+0 −4
Original line number Diff line number Diff line 
from django.http import HttpResponse



def home(request):

    return HttpResponse('Hello World!')