from django.contrib.auth import get_user_model from .backends import AccountBackend User = get_user_model() class TemporaryAuthMiddleware: """Authenticate another user for this request if AccountBackend succeeds. By the way, if a user is authenticated, we refresh its from db to add values from CofProfile and Account of this user. """ def __init__(self, get_response): self.get_response = get_response def __call__(self, request): if request.user.is_authenticated: # avoid multiple db accesses in views and templates request.user = ( User.objects .select_related('profile__account_kfet') .get(pk=request.user.pk) ) temp_request_user = AccountBackend().authenticate( request, kfet_password=self.get_kfet_password(request), ) if temp_request_user: request.real_user = request.user request.user = temp_request_user return self.get_response(request) def get_kfet_password(self, request): return ( request.META.get('HTTP_KFETPASSWORD') or request.POST.get('KFETPASSWORD') )