django-loginas

django.contrib.admin is required

Open notanumber opened this issue 5 years ago • 2 comments

It appears as though the loginas app has an undocumented dependency on the django.contrib.admin app in utils.py

Traceback (most recent call last):
[...]
  File "/app/project/apps/accounts/urls.py", line 4, in <module>
    from loginas.views import user_login
  File "/usr/local/lib/python3.7/site-packages/loginas/views.py", line 11, in <module>
    from .utils import login_as, restore_original_login
  File "/usr/local/lib/python3.7/site-packages/loginas/utils.py", line 7, in <module>
    from django.contrib.admin.models import CHANGE, LogEntry
  File "/usr/local/lib/python3.7/site-packages/django/contrib/admin/models.py", line 39, in <module>
    class LogEntry(models.Model):
  File "/usr/local/lib/python3.7/site-packages/django/db/models/base.py", line 111, in __new__
    "INSTALLED_APPS." % (module, name)
RuntimeError: Model class django.contrib.admin.models.LogEntry doesn't declare an explicit app_label and isn't in an application in INSTALLED_APPS.

I believe this could be corrected by testing whether the admin is installed or not, and skipping trying to create the LogEntry if it isn't installed. If that makes sense, I can submit a patch to make this change.

notanumber Jul 26 '19 15:07

Hmm, all this library does is add a button to the admin, which is rather hard if you aren't using the admin. Can you tell me a bit more about your use case?

I'm fine skipping the LogEntry if the admin isn't installed, I'm just mystified as to how you're using loginas.

skorokithakis Jul 26 '19 22:07

We're mapping the user_login view to our own login-as-user, which is accessible from our own user administration area rather than using the contrib.admin. We've actually removed all traces of the contrib.admin altogether, as it wasn't necessary for our project and presented a possible attack vector from someone trying to break in.

Seems to work fairly well, although I did need to write my own logout:

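from django.shortcuts import redirect, render
from loginas.utils import is_impersonated_session, restore_original_login


def logout(request):
    # Check for impersonation before restoring the original login.
    has_other_session = is_impersonated_session(request)
    restore_original_login(request)
    if has_other_session:
        return redirect('accounts-profile_list')
    return render(request, template_name='accounts/logout.html')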

I'll see if I can wrap that LogEntry (and related import) logic to prevent an issue when contrib.admin isn't available and submit a pull request.

notanumber Jul 26 '19 23:07