From 2413240ea5f1fe5998af794c0865b65f96e4e056 Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Tue, 13 Nov 2018 14:39:25 -0600
Subject: [PATCH] Only activate ShibbolethWebAuthMiddleware on /post-login/

---
 gracedb/ligoauth/middleware.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/gracedb/ligoauth/middleware.py b/gracedb/ligoauth/middleware.py
index f8ca9dcbe..f32819f4e 100644
--- a/gracedb/ligoauth/middleware.py
+++ b/gracedb/ligoauth/middleware.py
@@ -1,12 +1,15 @@
+import logging
+import re
+
 from django.conf import settings
-from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
 from django.contrib import auth
+from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
+from django.contrib.auth.models import Group
 from django.core.exceptions import ImproperlyConfigured
 
-from django.contrib.auth.models import Group
+from core.http import request_is_for_view
 
-import re
-import logging
+# Set up logger
 logger = logging.getLogger(__name__)
 
 
@@ -27,6 +30,11 @@ class ShibbolethWebAuthMiddleware(PersistentRemoteUserMiddleware):
 
     def process_request(self, request):
 
+        # This middleware should *only* be active at the post-login URL
+        # where shibboleth is also active.
+        if not request_is_for_view('post-login', request):
+            return
+
         # AuthenticationMiddleware is required so that request.user exists.
         if not hasattr(request, 'user'):
             raise ImproperlyConfigured(
-- 
GitLab