[1.7.x] Fixed #22477 -- Removed contrib middleware from the global settings defaults. (d94de802) · Commits · Dom Sekotill / django

django/conf/global_settings.py

+0 −5

Original line number	Diff line number	Diff line
		@@ -461,12 +461,7 @@ SECURE_PROXY_SSL_HEADER = None
		# response phase the middleware will be applied in reverse order.
		MIDDLEWARE_CLASSES = (
		'django.middleware.common.CommonMiddleware',
		'django.contrib.sessions.middleware.SessionMiddleware',
		'django.middleware.csrf.CsrfViewMiddleware',
		'django.contrib.auth.middleware.AuthenticationMiddleware',
		'django.contrib.messages.middleware.MessageMiddleware',
		# 'django.middleware.http.ConditionalGetMiddleware',
		# 'django.middleware.gzip.GZipMiddleware',
		)

		############

+14 −5

Original line number	Diff line number	Diff line
		import os

		from django.conf import global_settings
		from django.contrib.auth import authenticate
		from django.contrib.auth.tests.utils import skipIfCustomUser
		from django.contrib.auth.models import User, Permission
		@@ -77,8 +76,13 @@ class AuthContextProcessorTests(TestCase):
		fixtures = ['context-processors-users.xml']

		@override_settings(
		MIDDLEWARE_CLASSES=global_settings.MIDDLEWARE_CLASSES,
		TEMPLATE_CONTEXT_PROCESSORS=global_settings.TEMPLATE_CONTEXT_PROCESSORS,
		MIDDLEWARE_CLASSES=(
		'django.contrib.sessions.middleware.SessionMiddleware',
		'django.contrib.auth.middleware.AuthenticationMiddleware',
		),
		TEMPLATE_CONTEXT_PROCESSORS=(
		'django.contrib.auth.context_processors.auth',
		),
		)
		def test_session_not_accessed(self):
		"""
		@@ -89,8 +93,13 @@ class AuthContextProcessorTests(TestCase):
		self.assertContains(response, "Session not accessed")

		@override_settings(
		MIDDLEWARE_CLASSES=global_settings.MIDDLEWARE_CLASSES,
		TEMPLATE_CONTEXT_PROCESSORS=global_settings.TEMPLATE_CONTEXT_PROCESSORS,
		MIDDLEWARE_CLASSES=(
		'django.contrib.sessions.middleware.SessionMiddleware',
		'django.contrib.auth.middleware.AuthenticationMiddleware',
		),
		TEMPLATE_CONTEXT_PROCESSORS=(
		'django.contrib.auth.context_processors.auth',
		),
		)
		def test_session_is_accessed(self):
		"""

+1 −0

Original line number	Diff line number	Diff line
		@@ -8,6 +8,7 @@ from .registry import register, run_checks, tag_exists, Tags

		# Import these to force registration of checks
		import django.core.checks.compatibility.django_1_6_0 # NOQA
		import django.core.checks.compatibility.django_1_7_0 # NOQA
		import django.core.checks.model_checks # NOQA

		__all__ = [

0 → 100644

+36 −0

Original line number	Diff line number	Diff line
		from __future__ import unicode_literals

		from .. import Warning, register, Tags


		@register(Tags.compatibility)
		def check_1_7_compatibility(**kwargs):
		errors = []
		errors.extend(_check_middleware_classes(**kwargs))
		return errors


		def _check_middleware_classes(app_configs=None, **kwargs):
		"""
		Checks if the user has not overridden the ``MIDDLEWARE_CLASSES`` setting &
		warns them about the global default changes.
		"""
		from django.conf import settings

		# MIDDLEWARE_CLASSES is overridden by default by startproject. If users
		# have removed this override then we'll warn them about the default changes.
		if not settings.is_overridden('MIDDLEWARE_CLASSES'):
		return [
		Warning(
		"MIDDLEWARE_CLASSES is not set.",
		hint=("Django 1.7 changed the global defaults for the MIDDLEWARE_CLASSES."
		"django.contrib.sessions.middleware.SessionMiddleware, "
		"django.contrib.auth.middleware.AuthenticationMiddleware, and "
		"django.contrib.messages.middleware.MessageMiddleware were removed from the defaults."
		"If your project needs these middleware then you should configure this setting."),
		obj=None,
		id='1_7.W001',
		)
		]
		else:
		return []

+8 −4

Original line number	Diff line number	Diff line
		@@ -1749,13 +1749,17 @@ MIDDLEWARE_CLASSES
		Default::

		('django.middleware.common.CommonMiddleware',
		'django.contrib.sessions.middleware.SessionMiddleware',
		'django.middleware.csrf.CsrfViewMiddleware',
		'django.contrib.auth.middleware.AuthenticationMiddleware',
		'django.contrib.messages.middleware.MessageMiddleware',)
		'django.middleware.csrf.CsrfViewMiddleware',)

		A tuple of middleware classes to use. See :doc:`/topics/http/middleware`.

		.. versionchanged:: 1.7

		:class:`~django.contrib.sessions.middleware.SessionMiddleware`,
		:class:`~django.contrib.auth.middleware.AuthenticationMiddleware`, and
		:class:`~django.contrib.messages.middleware.MessageMiddleware` were removed
		from this setting.

		.. setting:: MIGRATION_MODULES

		MIGRATION_MODULES