Context processor makes invalid assumptions about request.user

[tilsche]

There are several issues with the following code:

https://github.com/viewflow/django-material/blob/55561ac10e40c5e21bbc7fc42dba77a13b20384e/material/frontend/context_processors.py#L6-L8

• TEMPLATE_CONTEXT_PROCESSORS has long been replaced with the more complex TEMPLATES configuration
• django.contrib.auth.context_processors.auth adds a user to the context, not to the request. It uses either the request.user or an AnonymousUser() but always guarantees that there is a user in the context. But clearly this does not have any impact here because the material.frontend.context_processor uses request.user
• The request.user is added by the AuthenticationMiddleware - so that would technically be the correct error message.

However, in certain situation the request.user does not exist even though the middleware is configured correctly. We have a scenario where

• invalid requests are caught by SecurityMiddleware
• we try to render a custom error message for error 400
• material.frontend.context_processor complains about the missing user
• rendering fails, now this repeats a few times with error 500...

I would suggest that the context processor should be able to deal with a missing request.user.