[1.7.x] Fixed #22477 -- Removed contrib middleware from the global settings defaults.

Also added a compatibility check for changed middleware defaults.
2014-04-20 08:58:29 -04:00 · 2014-04-20 08:58:29 -04:00 · d94de802d3
parent d3bf537324
commit d94de802d3
9 changed files with 131 additions and 15 deletions
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@ -461,12 +461,7 @@ SECURE_PROXY_SSL_HEADER = None
 # response phase the middleware will be applied in reverse order.
 MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
-    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
-    # 'django.middleware.http.ConditionalGetMiddleware',
-    # 'django.middleware.gzip.GZipMiddleware',
 )

 ############
--- a/django/contrib/auth/tests/test_context_processors.py
+++ b/django/contrib/auth/tests/test_context_processors.py
@ -1,6 +1,5 @@
 import os

-from django.conf import global_settings
 from django.contrib.auth import authenticate
 from django.contrib.auth.tests.utils import skipIfCustomUser
 from django.contrib.auth.models import User, Permission
@ -77,8 +76,13 @@ class AuthContextProcessorTests(TestCase):
    fixtures = ['context-processors-users.xml']

    @override_settings(
-        MIDDLEWARE_CLASSES=global_settings.MIDDLEWARE_CLASSES,
-        TEMPLATE_CONTEXT_PROCESSORS=global_settings.TEMPLATE_CONTEXT_PROCESSORS,
+        MIDDLEWARE_CLASSES=(
+            'django.contrib.sessions.middleware.SessionMiddleware',
+            'django.contrib.auth.middleware.AuthenticationMiddleware',
+        ),
+        TEMPLATE_CONTEXT_PROCESSORS=(
+            'django.contrib.auth.context_processors.auth',
+        ),
    )
    def test_session_not_accessed(self):
        """
@ -89,8 +93,13 @@ class AuthContextProcessorTests(TestCase):
        self.assertContains(response, "Session not accessed")

    @override_settings(
-        MIDDLEWARE_CLASSES=global_settings.MIDDLEWARE_CLASSES,
-        TEMPLATE_CONTEXT_PROCESSORS=global_settings.TEMPLATE_CONTEXT_PROCESSORS,
+        MIDDLEWARE_CLASSES=(
+            'django.contrib.sessions.middleware.SessionMiddleware',
+            'django.contrib.auth.middleware.AuthenticationMiddleware',
+        ),
+        TEMPLATE_CONTEXT_PROCESSORS=(
+            'django.contrib.auth.context_processors.auth',
+        ),
    )
    def test_session_is_accessed(self):
        """
--- a/django/core/checks/init.py
+++ b/django/core/checks/init.py
@ -8,6 +8,7 @@ from .registry import register, run_checks, tag_exists, Tags

 # Import these to force registration of checks
 import django.core.checks.compatibility.django_1_6_0  # NOQA
+import django.core.checks.compatibility.django_1_7_0  # NOQA
 import django.core.checks.model_checks  # NOQA

 __all__ = [
--- a/django/core/checks/compatibility/django_1_7_0.py
+++ b/django/core/checks/compatibility/django_1_7_0.py
@ -0,0 +1,36 @@
+from __future__ import unicode_literals
+
+from .. import Warning, register, Tags
+
+
+@register(Tags.compatibility)
+def check_1_7_compatibility(**kwargs):
+    errors = []
+    errors.extend(_check_middleware_classes(**kwargs))
+    return errors
+
+
+def _check_middleware_classes(app_configs=None, **kwargs):
+    """
+    Checks if the user has *not* overridden the ``MIDDLEWARE_CLASSES`` setting &
+    warns them about the global default changes.
+    """
+    from django.conf import settings
+
+    # MIDDLEWARE_CLASSES is overridden by default by startproject. If users
+    # have removed this override then we'll warn them about the default changes.
+    if not settings.is_overridden('MIDDLEWARE_CLASSES'):
+        return [
+            Warning(
+                "MIDDLEWARE_CLASSES is not set.",
+                hint=("Django 1.7 changed the global defaults for the MIDDLEWARE_CLASSES."
+                      "django.contrib.sessions.middleware.SessionMiddleware, "
+                      "django.contrib.auth.middleware.AuthenticationMiddleware, and "
+                      "django.contrib.messages.middleware.MessageMiddleware were removed from the defaults."
+                      "If your project needs these middleware then you should configure this setting."),
+                obj=None,
+                id='1_7.W001',
+            )
+        ]
+    else:
+        return []
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@ -1749,13 +1749,17 @@ MIDDLEWARE_CLASSES
 Default::

    ('django.middleware.common.CommonMiddleware',
-     'django.contrib.sessions.middleware.SessionMiddleware',
-     'django.middleware.csrf.CsrfViewMiddleware',
-     'django.contrib.auth.middleware.AuthenticationMiddleware',
-     'django.contrib.messages.middleware.MessageMiddleware',)
+     'django.middleware.csrf.CsrfViewMiddleware',)

 A tuple of middleware classes to use. See :doc:`/topics/http/middleware`.

+.. versionchanged:: 1.7
+
+    :class:`~django.contrib.sessions.middleware.SessionMiddleware`,
+    :class:`~django.contrib.auth.middleware.AuthenticationMiddleware`, and
+    :class:`~django.contrib.messages.middleware.MessageMiddleware` were removed
+    from this setting.
+
 .. setting:: MIGRATION_MODULES

 MIGRATION_MODULES
--- a/docs/releases/1.7.txt
+++ b/docs/releases/1.7.txt
@ -68,6 +68,8 @@ but a few of the key features are:
  inside ``TransactionTestCase`` :ref:`unless specifically requested
  <test-case-serialized-rollback>`.

+.. _app-loading-refactor-17-release-note:
+
 App-loading refactor
 ~~~~~~~~~~~~~~~~~~~~

@ -1114,6 +1116,27 @@ in a test class which is a subclass of
 :class:`~django.test.TransactionTestCase` rather than
 :class:`~django.test.TestCase`.

+Contrib middleware removed from default :setting:`MIDDLEWARE_CLASSES`
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The :ref:`app-loading refactor <app-loading-refactor-17-release-note>`
+deprecated using models from apps which are not part of the
+:setting:`INSTALLED_APPS` setting. This exposed an incompatibility between
+the default :setting:`INSTALLED_APPS` and :setting:`MIDDLEWARE_CLASSES` in the
+global defaults (``django.conf.global_settings``). To bring these settings in
+sync and prevent deprecation warnings when doing things like testing reusable
+apps with minimal settings,
+:class:`~django.contrib.sessions.middleware.SessionMiddleware`,
+:class:`~django.contrib.auth.middleware.AuthenticationMiddleware`, and
+:class:`~django.contrib.messages.middleware.MessageMiddleware` were removed
+from the defaults. These classes will still be included in the default settings
+generated by :djadmin:`startproject`. Most projects will not be affected by
+this change but if you were not previously declaring the
+:setting:`MIDDLEWARE_CLASSES` in your project settings and relying on the
+global default you should ensure that the new defaults are in line with your
+project's needs. You should also check for any code that accesses
+``django.conf.global_settings.MIDDLEWARE_CLASSES`` directly.
+
 Miscellaneous
 ~~~~~~~~~~~~~

--- a/tests/admin_scripts/tests.py
+++ b/tests/admin_scripts/tests.py
@ -58,11 +58,12 @@ class AdminScriptTestCase(unittest.TestCase):
                'ROOT_URLCONF',
                'SECRET_KEY',
                'TEST_RUNNER',  # We need to include TEST_RUNNER, otherwise we get a compatibility warning.
+                'MIDDLEWARE_CLASSES',  # We need to include MIDDLEWARE_CLASSES, otherwise we get a compatibility warning.
            ]
            for s in exports:
                if hasattr(settings, s):
                    o = getattr(settings, s)
-                    if not isinstance(o, dict):
+                    if not isinstance(o, (dict, tuple, list)):
                        o = "'%s'" % o
                    settings_file.write("%s = %s\n" % (s, o))

--- a/tests/check_framework/tests.py
+++ b/tests/check_framework/tests.py
@ -10,6 +10,7 @@ from django.core import checks
 from django.core.checks import Error, Warning
 from django.core.checks.registry import CheckRegistry
 from django.core.checks.compatibility.django_1_6_0 import check_1_6_compatibility
+from django.core.checks.compatibility.django_1_7_0 import check_1_7_compatibility
 from django.core.management.base import CommandError
 from django.core.management import call_command
 from django.db.models.fields import NOT_PROVIDED
@ -148,6 +149,40 @@ class Django_1_6_0_CompatibilityChecks(TestCase):
                boolean_field.default = old_default


+class Django_1_7_0_CompatibilityChecks(TestCase):
+
+    @override_settings(MIDDLEWARE_CLASSES=('django.contrib.sessions.middleware.SessionMiddleware',))
+    def test_middleware_classes_overridden(self):
+        errors = check_1_7_compatibility()
+        self.assertEqual(errors, [])
+
+    def test_middleware_classes_not_set_explicitly(self):
+        # If MIDDLEWARE_CLASSES was set explicitly, temporarily pretend it wasn't
+        middleware_classes_overridden = False
+        if 'MIDDLEWARE_CLASSES' in settings._wrapped._explicit_settings:
+            middleware_classes_overridden = True
+            settings._wrapped._explicit_settings.remove('MIDDLEWARE_CLASSES')
+        try:
+            errors = check_1_7_compatibility()
+            expected = [
+                checks.Warning(
+                    "MIDDLEWARE_CLASSES is not set.",
+                    hint=("Django 1.7 changed the global defaults for the MIDDLEWARE_CLASSES."
+                          "django.contrib.sessions.middleware.SessionMiddleware, "
+                          "django.contrib.auth.middleware.AuthenticationMiddleware, and "
+                          "django.contrib.messages.middleware.MessageMiddleware were removed from the defaults."
+                          "If your project needs these middleware then you should configure this setting."),
+                    obj=None,
+                    id='1_7.W001',
+                )
+            ]
+            self.assertEqual(errors, expected)
+        finally:
+            # Restore settings value
+            if middleware_classes_overridden:
+                settings._wrapped._explicit_settings.add('MIDDLEWARE_CLASSES')
+
+
 def simple_system_check(**kwargs):
    simple_system_check.kwargs = kwargs
    return []
--- a/tests/runtests.py
+++ b/tests/runtests.py
@ -56,6 +56,14 @@ ALWAYS_INSTALLED_APPS = [
    'servers.another_app',
 ]

+ALWAYS_MIDDLEWARE_CLASSES = (
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+)
+

 def get_test_modules():
    from django.contrib.gis.tests.utils import HAS_SPATIAL_DB
@ -107,6 +115,7 @@ def setup(verbosity, test_labels):
        'LANGUAGE_CODE': settings.LANGUAGE_CODE,
        'STATIC_URL': settings.STATIC_URL,
        'STATIC_ROOT': settings.STATIC_ROOT,
+        'MIDDLEWARE_CLASSES': settings.MIDDLEWARE_CLASSES,
    }

    # Redirect some settings for the duration of these tests.
@ -117,6 +126,9 @@ def setup(verbosity, test_labels):
    settings.TEMPLATE_DIRS = (os.path.join(RUNTESTS_DIR, TEST_TEMPLATE_DIR),)
    settings.LANGUAGE_CODE = 'en'
    settings.SITE_ID = 1
+    settings.MIDDLEWARE_CLASSES = ALWAYS_MIDDLEWARE_CLASSES
+    # Ensure the middleware classes are seen as overridden otherwise we get a compatibility warning.
+    settings._explicit_settings.add('MIDDLEWARE_CLASSES')

    if verbosity > 0:
        # Ensure any warnings captured to logging are piped through a verbose