Fixed #36540 -- Updated request.auser() in contrib.auth.alogin() and contrib.auth.alogout().

2025-10-31 01:25:32 +00:00 · 2025-08-06 10:17:10 -07:00
parent 117f90dea5
commit 31a43c571f
2 changed files with 31 additions and 5 deletions
--- a/django/contrib/auth/init.py
+++ b/django/contrib/auth/init.py
@@ -234,8 +234,12 @@ async def alogin(request, user, backend=None):
    await request.session.aset(SESSION_KEY, user._meta.pk.value_to_string(user))
    await request.session.aset(BACKEND_SESSION_KEY, backend)
    await request.session.aset(HASH_SESSION_KEY, session_auth_hash)
-    if hasattr(request, "user"):
-        request.user = user
+    if hasattr(request, "auser"):
+
+        async def auser():
+            return user
+
+        request.auser = auser
    rotate_token(request)
    await user_logged_in.asend(sender=user.__class__, request=request, user=user)

@@ -269,10 +273,13 @@ async def alogout(request):
        user = None
    await user_logged_out.asend(sender=user.__class__, request=request, user=user)
    await request.session.aflush()
-    if hasattr(request, "user"):
+    if hasattr(request, "auser"):
        from django.contrib.auth.models import AnonymousUser

-        request.user = AnonymousUser()
+        async def auser():
+            return AnonymousUser()
+
+        request.auser = auser


 def get_user_model():
--- a/tests/auth_tests/test_middleware.py
+++ b/tests/auth_tests/test_middleware.py
@@ -1,5 +1,5 @@
 from django.conf import settings
-from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.contrib.auth import REDIRECT_FIELD_NAME, alogin, alogout
 from django.contrib.auth.middleware import (
    AuthenticationMiddleware,
    LoginRequiredMiddleware,
@@ -17,6 +17,9 @@ class TestAuthenticationMiddleware(TestCase):
        cls.user = User.objects.create_user(
            "test_user", "test@example.com", "test_password"
        )
+        cls.user2 = User.objects.create_user(
+            "test_user2", "test2@example.com", "test_password2"
+        )

    def setUp(self):
        self.middleware = AuthenticationMiddleware(lambda req: HttpResponse())
@@ -57,6 +60,22 @@ class TestAuthenticationMiddleware(TestCase):
        auser_second = await self.request.auser()
        self.assertIs(auser, auser_second)

+    async def test_auser_after_alogin(self):
+        self.middleware(self.request)
+        auser = await self.request.auser()
+        self.assertEqual(auser, self.user)
+        await alogin(self.request, self.user2)
+        auser_second = await self.request.auser()
+        self.assertEqual(auser_second, self.user2)
+
+    async def test_auser_after_alogout(self):
+        self.middleware(self.request)
+        auser = await self.request.auser()
+        self.assertEqual(auser, self.user)
+        await alogout(self.request)
+        auser_second = await self.request.auser()
+        self.assertTrue(auser_second.is_anonymous)
+

@override_settings(ROOT_URLCONF="auth_tests.urls")
@modify_settings(