Remove CSRF middleware/processor in aws and dev settings,

not common. This ensures that we load the MITX_FEATURES token BEFORE deciding to disable CSRF.

Remove CSRF middleware/processor in aws and dev settings,
not common. This ensures that we load the MITX_FEATURES token BEFORE deciding to disable CSRF.
39030c66 · Will Daly · Will Daly · 8573ac39 · 39030c66 · 39030c66
Commit 39030c66 authored Jul 31, 2013 by Will Daly Committed by Will Daly Jul 31, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 38 additions and 20 deletions

cms/envs/aws.py
+8 -0

cms/envs/common.py
+2 -8

cms/envs/dev.py
+9 -0

lms/envs/aws.py
+8 -4

lms/envs/common.py
+2 -8

lms/envs/dev.py
+9 -0

No files found.
--- a/cms/envs/aws.py
+++ b/cms/envs/aws.py
@@ -126,6 +126,14 @@ LOGGING = get_logger_config(LOG_DIR,
 #theming start:
 PLATFORM_NAME = ENV_TOKENS.get('PLATFORM_NAME', 'edX')
+# Disable CSRF for load testing
+if MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'):
+    exclude_csrf = lambda elem: not elem in \
+                   ['django.core.context_processors.csrf',
+                    'django.middleware.csrf.CsrfViewMiddleware']
+    TEMPLATE_CONTEXT_PROCESSORS = filter(exclude_csrf, TEMPLATE_CONTEXT_PROCESSORS)
+    MIDDLEWARE_CLASSES = filter(exclude_csrf, MIDDLEWARE_CLASSES)
 ################ SECURE AUTH ITEMS ###############################
 # Secret things: passwords, access keys, etc.

--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -105,12 +105,9 @@ TEMPLATE_CONTEXT_PROCESSORS = (
    'django.core.context_processors.static',
    'django.contrib.messages.context_processors.messages',
    'django.contrib.auth.context_processors.auth',  # this is required for admin
+    'django.core.context_processors.csrf'
 )
-# add csrf support unless disabled for load testing
-if not MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'):
-    TEMPLATE_CONTEXT_PROCESSORS += ('django.core.context_processors.csrf',)  # necessary for csrf protection
 LMS_BASE = None
 #################### CAPA External Code Evaluation #############################
@@ -141,6 +138,7 @@ MIDDLEWARE_CLASSES = (
    'request_cache.middleware.RequestCache',
    'django.middleware.cache.UpdateCacheMiddleware',
    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'method_override.middleware.MethodOverrideMiddleware',
@@ -157,10 +155,6 @@ MIDDLEWARE_CLASSES = (
    'django.middleware.transaction.TransactionMiddleware'
 )
-# add in csrf middleware unless disabled for load testing
-if not MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'):
-    MIDDLEWARE_CLASSES = MIDDLEWARE_CLASSES + ('django.middleware.csrf.CsrfViewMiddleware',)
 ############################ SIGNAL HANDLERS ################################
 # This is imported to register the exception signal handling that logs exceptions
 import monitoring.exceptions  # noqa

--- a/cms/envs/dev.py
+++ b/cms/envs/dev.py
@@ -182,6 +182,15 @@ SEGMENT_IO_KEY = os.environ.get('SEGMENT_IO_KEY')
 if SEGMENT_IO_KEY:
    MITX_FEATURES['SEGMENT_IO'] = True
+########################## LOAD TESTING ########################
+# Disable CSRF for load testing
+if MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'):
+    exclude_csrf = lambda elem: not elem in \
+                   ['django.core.context_processors.csrf',
+                    'django.middleware.csrf.CsrfViewMiddleware']
+    TEMPLATE_CONTEXT_PROCESSORS = filter(exclude_csrf, TEMPLATE_CONTEXT_PROCESSORS)
+    MIDDLEWARE_CLASSES = filter(exclude_csrf, MIDDLEWARE_CLASSES)
 #####################################################################
 # Lastly, see if the developer has any local overrides.

--- a/lms/envs/aws.py
+++ b/lms/envs/aws.py
@@ -10,7 +10,6 @@ Common traits:
 # We intentionally define lots of variables that aren't used, and
 # want to import all variables from base settings files
 # pylint: disable=W0401, W0614
 import json
 from .common import *
@@ -178,9 +177,14 @@ for name, value in ENV_TOKENS.get("CODE_JAIL", {}).items():
 COURSES_WITH_UNSAFE_CODE = ENV_TOKENS.get("COURSES_WITH_UNSAFE_CODE", [])
-# automatic log in for load testing
+# Disable CSRF for load testing
-MITX_FEATURES['AUTOMATIC_AUTH_FOR_LOAD_TESTING'] = ENV_TOKENS.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING')
+if MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'):
-MITX_FEATURES['MAX_AUTO_AUTH_USERS'] = ENV_TOKENS.get('MAX_AUTO_AUTH_USERS')
+    exclude_csrf = lambda elem: not elem in \
+                   ['django.core.context_processors.csrf',
+                    'django.middleware.csrf.CsrfViewMiddleware']
+    TEMPLATE_CONTEXT_PROCESSORS = filter(exclude_csrf, TEMPLATE_CONTEXT_PROCESSORS)
+    MIDDLEWARE_CLASSES = filter(exclude_csrf, MIDDLEWARE_CLASSES)
 ############################## SECURE AUTH ITEMS ###############
 # Secret things: passwords, access keys, etc.

--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -223,6 +223,7 @@ TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.messages.context_processors.messages',
    #'django.core.context_processors.i18n',
    'django.contrib.auth.context_processors.auth',  # this is required for admin
+    'django.core.context_processors.csrf',
    # Added for django-wiki
    'django.core.context_processors.media',
@@ -235,10 +236,6 @@ TEMPLATE_CONTEXT_PROCESSORS = (
    'mitxmako.shortcuts.marketing_link_context_processor',
 )
-# add csrf support unless disabled for load testing
-if not MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'):
-    TEMPLATE_CONTEXT_PROCESSORS += ('django.core.context_processors.csrf',)  # necessary for csrf protection
 STUDENT_FILEUPLOAD_MAX_SIZE = 4 * 1000 * 1000  # 4 MB
 MAX_FILEUPLOADS_PER_INPUT = 20
@@ -483,6 +480,7 @@ MIDDLEWARE_CLASSES = (
    'django.contrib.messages.middleware.MessageMiddleware',
    'track.middleware.TrackMiddleware',
    'mitxmako.middleware.MakoMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
    'course_wiki.course_nav.Middleware',
@@ -493,10 +491,6 @@ MIDDLEWARE_CLASSES = (
    'codejail.django_integration.ConfigureCodeJailMiddleware',
 )
-# add in csrf middleware unless disabled for load testing
-if not MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'):
-    MIDDLEWARE_CLASSES = MIDDLEWARE_CLASSES + ('django.middleware.csrf.CsrfViewMiddleware',)
 ############################### Pipeline #######################################
 STATICFILES_STORAGE = 'pipeline.storage.PipelineCachedStorage'

--- a/lms/envs/dev.py
+++ b/lms/envs/dev.py
@@ -255,6 +255,15 @@ SEGMENT_IO_LMS_KEY = os.environ.get('SEGMENT_IO_LMS_KEY')
 if SEGMENT_IO_LMS_KEY:
    MITX_FEATURES['SEGMENT_IO_LMS'] = True
+########################## LOAD TESTING ########################
+# Disable CSRF for load testing
+if MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'):
+    exclude_csrf = lambda elem: not elem in \
+                   ['django.core.context_processors.csrf',
+                    'django.middleware.csrf.CsrfViewMiddleware']
+    TEMPLATE_CONTEXT_PROCESSORS = filter(exclude_csrf, TEMPLATE_CONTEXT_PROCESSORS)
+    MIDDLEWARE_CLASSES = filter(exclude_csrf, MIDDLEWARE_CLASSES)
 ########################## USER API ########################
 EDX_API_KEY = None