🐛 add middleware to handle social auth provider unavailability gracefully#13523

Merged

Maffooch merged 18 commits intoDefectDojo:bugfixfrom

manuel-sommer:fix_auth_provider_500

Oct 30, 2025

Contributor

manuel-sommer commented Oct 24, 2025 •

edited

Loading

grafik

-->

grafik

grafik


          🎉 add middleware to handle social auth provider unavailability gracef…

9a3c9b8

…ully

manuel-sommer requested review from Maffooch and mtesauro as code owners

October 24, 2025 08:12

github-actions Bot added the settings_changes label

a37a3b1

dryrunsecurity Bot commented Oct 24, 2025 •

edited

Loading

🔴 Risk threshold exceeded.

This pull request modifies a sensitive file (dojo/middleware.py) multiple times; the scanner flags these as sensitive codepath edits and recommends configuring allowed paths/authors in .dryrunsecurity.yaml. Review and approve or restrict these changes per your sensitivity policy.

🔴 Configured Codepaths Edit in dojo/middleware.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in `.dryrunsecurity.yaml`.

🔴 Configured Codepaths Edit in dojo/middleware.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in `.dryrunsecurity.yaml`.

🔴 Configured Codepaths Edit in dojo/middleware.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in `.dryrunsecurity.yaml`.

🔴 Configured Codepaths Edit in dojo/middleware.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in `.dryrunsecurity.yaml`.

🔴 Configured Codepaths Edit in dojo/middleware.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in `.dryrunsecurity.yaml`.

🔴 Configured Codepaths Edit in dojo/middleware.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in `.dryrunsecurity.yaml`.

🔴 Configured Codepaths Edit in dojo/middleware.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in `.dryrunsecurity.yaml`.

We've notified @mtesauro.

All finding details can be found in the DryRun Security Dashboard.

c6e1403

manuel-sommer force-pushed the fix_auth_provider_500 branch from 756938a to c6e1403 Compare

October 24, 2025 08:14

manuel-sommer changed the title ~~🎉 add middleware to handle social auth provider unavailability gracefully~~ 🐛 add middleware to handle social auth provider unavailability gracefully

Member

valentijnscholten commented Oct 24, 2025 •

edited

Loading

Is there not a better/cleaner way to do this, for example by subclassing the social auth middleware?
It feels like a lot of extra code and configuration to handle a case which is probably not even that common.
I think name, path_prefix, check_path are not needed. The rest can be loaded straight from settings?
I also wonder if the standard login is always available as fallback.


          update

bf5b515

manuel-sommer force-pushed the fix_auth_provider_500 branch from 7a5b134 to bf5b515 Compare

October 24, 2025 12:03

Contributor Author

manuel-sommer commented Oct 24, 2025

Is there not a better/cleaner way to do this, for example by subclassing the social auth middleware? It feels like a lot of extra code and configuration to handle a case which is probably not even that common. I think name, path_prefix, check_path are not needed. The rest can be loaded straight from settings? I also wonder if the standard login is always available as fallback.

I adapted the code. Also, the standard login is always available as fallback.

Member

valentijnscholten commented Oct 25, 2025

Thanks for the efforts @manuel-sommer , but did you consider other approaches? I am not yet convinced this middleware solution is the best way to implement this. When I look at the Django Social Auth app I see some pointers around customizing the middleware and exception handling:

Could you take a look and/or convince us that the proposed solution in this PR is the best fit?


          update according to recommendation

894e86f

manuel-sommer force-pushed the fix_auth_provider_500 branch from b0a5636 to 894e86f Compare

October 25, 2025 20:03

Contributor Author

manuel-sommer commented Oct 25, 2025

Thanks for the efforts @manuel-sommer , but did you consider other approaches? I am not yet convinced this middleware solution is the best way to implement this. When I look at the Django Social Auth app I see some pointers around customizing the middleware and exception handling:
* https://github.com/omab/django-social-auth/blob/699571a3b6d84aa2c25ffce59daa4c7f3559a0e4/example/example/middleware.py

* https://github.com/omab/edx-platform/blob/f098633cee8b941d04e1beb1ff3b3acd5a3511e4/common/djangoapps/third_party_auth/middleware.py

* https://github.com/omab/django-social-auth/blob/699571a3b6d84aa2c25ffce59daa4c7f3559a0e4/doc/configuration.rst#exceptions-middleware
Could you take a look and/or convince us that the proposed solution in this PR is the best fit?

Thank you for the guidance here @valentijnscholten. Learned something new :-)
How about the PR now?

manuel-sommer closed this

manuel-sommer reopened this

Member

valentijnscholten commented Oct 26, 2025

Looks nice and clean @manuel-sommer :-) I don't have a way to test this. Dis you manage to test these specific types or errors? We need to make sure we don't break the SSO for the Pro clients :-)

valentijnscholten added this to the 2.52.0 milestone

github-actions Bot added the unittests label


          add unittest

6c7768a

manuel-sommer force-pushed the fix_auth_provider_500 branch from a4072ab to 6c7768a Compare

October 26, 2025 19:31


          Merge branch 'bugfix' into fix_auth_provider_500

660e370

manuel-sommer force-pushed the fix_auth_provider_500 branch from 8aeb513 to 3230e5c Compare

October 26, 2025 20:18

Contributor Author

manuel-sommer commented Oct 26, 2025 •

edited

Loading

@valentijnscholten, I implemented a unittest, but don't have the chance to test all different possibilities in a real environment.


          update

11556e7

manuel-sommer force-pushed the fix_auth_provider_500 branch from 3230e5c to 11556e7 Compare

October 27, 2025 10:28


          update on unittest

manuel-sommer added 2 commits

October 27, 2025 12:33


          add integrationtest

ef6f0f2


          update unittest description

84b14ca

kiblik requested changes

View reviewed changes

dojo/middleware.py Outdated

kiblik reviewed

View reviewed changes

dojo/middleware.py Outdated

manuel-sommer added 3 commits

October 27, 2025 15:13


          udpate

d228d99


          udpate

66022e7


          fix unittest

496ee25

manuel-sommer requested a review from kiblik

October 27, 2025 14:34

manuel-sommer and others added 3 commits

October 27, 2025 15:56


          Merge branch 'bugfix' into fix_auth_provider_500

acd29f5


          add authforbidden

de8abc3


          Merge branch 'bugfix' into fix_auth_provider_500

f7c9c3c

valentijnscholten approved these changes

View reviewed changes


          Merge branch 'bugfix' into fix_auth_provider_500

baeaa57

Maffooch approved these changes

View reviewed changes

Maffooch requested review from Jino-T and blakeaowens

October 28, 2025 16:12

mtesauro approved these changes

View reviewed changes

Contributor

mtesauro left a comment

Approved

blakeaowens approved these changes

View reviewed changes

Contributor

mtesauro commented Oct 30, 2025

@kiblik Are you good with this? Wanted to ask before we merged it since you had requested changes that haven't been dismissed.

Maffooch mentioned this pull request

🐛 Robustify create_user to handle None value #13572

Merged

Contributor

Maffooch commented Oct 30, 2025

@kiblik I'm gonna go ahead and merge this one so that the changes can be used in #13572

Maffooch merged commit 16c749c into DefectDojo:bugfix

149 checks passed

manuel-sommer deleted the fix_auth_provider_500 branch

October 30, 2025 15:29

Maffooch pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request


          🐛 add middleware to handle social auth provider unavailability gracef…

a4429d3

…ully (DefectDojo#13523)

* 🎉 add middleware to handle social auth provider unavailability gracefully

* -

* -

* update according to recommendation

* add unittest

* update

* update on unittest

* add integrationtest

* update unittest description

* udpate

* udpate

* fix unittest

* add authforbidden

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

mtesauro mtesauro approved these changes

valentijnscholten valentijnscholten approved these changes

Maffooch Maffooch approved these changes

blakeaowens blakeaowens approved these changes

kiblik Awaiting requested review from kiblik

Jino-T Awaiting requested review from Jino-T

Labels

settings_changes unittests