search

15five / django-scim2

A SCIM 2.0 Service Provider Implementation (for Django)
http://django-scim2.readthedocs.io/
Other
76 stars 27 forks source link

Apply SCIMAuthCheckMiddleware directly to SCIMView.dispatch #85

Closed andersk closed 1 year ago

andersk commented 2 years ago

This way, the user no longer needs to install our middleware in their project settings; this simplifies configuration and avoids a performance penalty for all non-SCIM requests.

Additionally, since SCIMView now has a guarantee that SCIMAuthCheckMiddleware is being used (unless the new AUTH_CHECK_MIDDLEWARE setting is explicitly overridden), it no longer needs to perform its own redundant version of the check.

With the redundant check removed, we could go further and remove the GET_IS_AUTHENTICATED_PREDICATE setting, since the same effect can be achieved by setting the AUTH_CHECK_MIDDLEWARE setting to a custom subclass of SCIMAuthCheckMiddleware.

@logston What do you think about this strategy?

andersk commented 1 year ago

(Rebased onto master so this isn’t entangled with #84.)

js-truework commented 1 year ago

@andersk Thanks so much for this change, one of the things I wanted to address in order to use this library was not adding a site-wide middleware, and it looks like you've already beaten me to it!

@logston Is there a release schedule for when these changes might be made available on PyPI? I'd love to take advantage of them! I can install from the git repo at a specific hash for now, but would be a bit harder to manage updates that way.

logston commented 1 year ago

Yep, just pushed. @caleb15 do you mind reviewing this: https://github.com/15five/django-scim2/pull/95