[1.2.X] Fixed #15260 -- Ensured that CACHE_MIDDLEWARE_ANONYMOUS_ONLY is effective with the cache_page decorator, not only the middleware. Thanks to brodie for report and draft patch.

Backport of r15559 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15560 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-17 05:01:42 +00:00 · 2011-02-17 05:01:42 +00:00 · aae16079ef
commit aae16079ef
parent 9ec9d2efd1
4 changed files with 43 additions and 15 deletions
--- a/django/middleware/cache.py
+++ b/django/middleware/cache.py
@ -50,7 +50,7 @@ More details about how the caching works:
 from django.conf import settings
 from django.core.cache import cache
-from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age, has_vary_header
+from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age
 class UpdateCacheMiddleware(object):
@ -67,10 +67,19 @@ class UpdateCacheMiddleware(object):
        self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX
        self.cache_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False)
    def _session_accessed(self, request):
        try:
            return request.session.accessed
        except AttributeError:
            return False
    def _should_update_cache(self, request, response):
        if not hasattr(request, '_cache_update_cache') or not request._cache_update_cache:
            return False
-        if self.cache_anonymous_only and has_vary_header(response, 'Cookie'):
+        # If the session has not been accessed otherwise, we don't want to
        # cause it to be accessed here. If it hasn't been accessed, then the
        # user's logged-in status has not affected the response anyway.
        if self.cache_anonymous_only and self._session_accessed(request):
            assert hasattr(request, 'user'), "The Django cache middleware with CACHE_MIDDLEWARE_ANONYMOUS_ONLY=True requires authentication middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' before the CacheMiddleware."
            if request.user.is_authenticated():
                # Don't cache user-variable requests from authenticated users.
--- a/tests/regressiontests/cache/tests.py
+++ b/tests/regressiontests/cache/tests.py
@ -19,6 +19,7 @@ from django.test.utils import get_warnings_state, restore_warnings_state
 from django.utils import translation
 from django.utils.cache import patch_vary_headers, get_cache_key, learn_cache_key
 from django.utils.hashcompat import md5_constructor
 from django.views.decorators.cache import cache_page
 from regressiontests.cache.models import Poll, expensive_calculation
 # functions/classes for complex data type tests
@ -653,15 +654,18 @@ def hello_world_view(request, value):
 class CacheMiddlewareTest(unittest.TestCase):
    def setUp(self):
-        self.orig_cache_middleware_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False)
+        from django.middleware import cache as cache_middleware_module
        self._orig_cache_backend = settings.CACHE_BACKEND
        self.cache_middleware_module = cache_middleware_module
        self.orig_cache = self.cache_middleware_module.cache
        self.orig_cache_middleware_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False)
        cache_middleware_module.cache = get_cache("locmem://")
        settings.CACHE_MIDDLEWARE_ANONYMOUS_ONLY = False
        settings.CACHE_BACKEND = "locmem://"
    def tearDown(self):
        self.cache_middleware_module.cache = self.orig_cache
        settings.CACHE_MIDDLEWARE_ANONYMOUS_ONLY = self.orig_cache_middleware_anonymous_only
        settings.CACHE_BACKEND = self._orig_cache_backend
    def test_cache_middleware_anonymous_only_wont_cause_session_access(self):
        """ The cache middleware shouldn't cause a session access due to
@ -694,6 +698,30 @@ class CacheMiddlewareTest(unittest.TestCase):
        self.assertEqual(request.session.accessed, False)
    def test_cache_middleware_anonymous_only_with_cache_page(self):
        """CACHE_MIDDLEWARE_ANONYMOUS_ONLY should still be effective when used
        with the cache_page decorator: the response to a request from an
        authenticated user should not be cached."""
        settings.CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True
        request = HttpRequest()
        request.path = '/view/'
        request.method = 'GET'
        class MockAuthenticatedUser(object):
            def is_authenticated(self):
                return True
        class MockAccessedSession(object):
            accessed = True
        request.user = MockAuthenticatedUser()
        request.session = MockAccessedSession()
        response = cache_page(hello_world_view)(request, '1')
        self.assertFalse("Cache-Control" in response)
 if __name__ == '__main__':
    unittest.main()
--- a/tests/regressiontests/cache/urls.py
+++ b/tests/regressiontests/cache/urls.py
@ -1,5 +0,0 @@
 from django.conf.urls.defaults import patterns
 urlpatterns = patterns('regressiontests.cache.views',
    (r'^$', 'home'),
 )
--- a/tests/regressiontests/cache/views.py
+++ b/tests/regressiontests/cache/views.py
@ -1,4 +0,0 @@
 from django.http import HttpResponse
 def home(request):
    return HttpResponse('Hello World!')