Coverage for src / mesh / views / middlewares / impersonate.py: 91%
35 statements
« prev ^ index » next coverage.py v7.13.1, created at 2026-07-09 13:14 +0000
« prev ^ index » next coverage.py v7.13.1, created at 2026-07-09 13:14 +0000
1from collections.abc import Callable
3from django.contrib import messages
4from django.core.exceptions import ImproperlyConfigured
5from django.http import HttpRequest, HttpResponse
6from django.utils.translation import gettext_lazy as _
8from mesh.models.orm.user_models import User
9from mesh.models.user.user_interfaces import ImpersonateData
12def process_impersonate_session(request: HttpRequest) -> None:
13 if not isinstance(request.user, User):
14 return
16 data = ImpersonateData.from_session(request.session)
17 if not data:
18 return
20 if not data.is_valid():
21 ImpersonateData.clean_session(request.session)
22 messages.warning(
23 request,
24 _(
25 "Your impersonate session has expired. You can restart one using the 'Impersonate user' link from the user menu."
26 ),
27 )
28 return
30 try:
31 # We don't check the user rights to impersonate here. This is done when
32 # initializing the impersonate session.
33 # There's a max. duration for the impersonate session that is sufficient to
34 # prevent security issues.
35 target_user = User.objects.get(pk=data.target_id)
36 request.user = target_user
37 request.user.impersonate_data = data
38 except User.DoesNotExist:
39 ImpersonateData.clean_session(request.session)
42class ImpersonateMiddleware:
43 """
44 This middleware enables impersonation of users.
45 This should be called after the SessionMiddleware and all authentication related
46 middlewares.
48 This replaces the user object attached to the HTTP request by the targeted user.
49 """
51 def __init__(self, get_response: Callable[[HttpRequest], HttpResponse]):
52 self.get_response = get_response
54 def __call__(self, request: HttpRequest) -> HttpResponse:
55 if not hasattr(request, "session"):
56 raise ImproperlyConfigured(
57 "The ImpersonateMiddleware requires session middleware to be installed."
58 )
59 if not hasattr(request, "user"):
60 raise ImproperlyConfigured(
61 "The ImpersonateMiddleware requires authentication middleware to be installed."
62 )
63 if not hasattr(request, "_messages"):
64 raise ImproperlyConfigured(
65 "The ImpersonateMiddleware requires the message middleware to be installed."
66 )
68 process_impersonate_session(request)
70 return self.get_response(request)