restore django_auth

DataDog · Jan 24, 2025 · b05361f · b05361f
1 parent cfd1d1e
commit b05361f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 25 deletions.
diff --git a/ddtrace/appsec/_trace_utils.py b/ddtrace/appsec/_trace_utils.py
@@ -357,30 +357,20 @@ def _on_django_auth(result_user, mode, kwargs, pin, info_retriever, django_confi
     else:
         user_id = None
 
-    user_id_found, user_extra = info_retriever.get_user_info(
-        login=django_config.include_user_login,
-        email=django_config.include_user_email,
-        name=django_config.include_user_realname,
-    )
-    if user_extra.get("login") is None:
-        user_extra["login"] = user_id
-    user_id = user_id_found or user_id
-    with pin.tracer.trace("django.contrib.auth.login", span_type=SpanTypes.AUTH):
-        if not result_user:
+    if not result_user:
+        with pin.tracer.trace("django.contrib.auth.login", span_type=SpanTypes.AUTH):
+            user_id_found, user_extra = info_retriever.get_user_info(
+                login=django_config.include_user_login,
+                email=django_config.include_user_email,
+                name=django_config.include_user_realname,
+            )
+            if user_extra.get("login") is None:
+                user_extra["login"] = user_id
+            user_id = user_id_found or user_id
             exists = info_retriever.user_exists()
             track_user_login_failure_event(
                 pin.tracer, user_id=user_id, login_events_mode=mode, exists=exists, **user_extra
             )
-        elif in_asm_context():
-            real_mode = mode if mode != LOGIN_EVENTS_MODE.AUTO else asm_config._user_event_mode
-            custom_data = {
-                "REQUEST_USER_ID": str(user_id) if user_id else None,
-                "REQUEST_USERNAME": user_extra.get("login"),
-                "LOGIN_SUCCESS": real_mode,
-            }
-            res = call_waf_callback(custom_data=custom_data, force_sent=True)
-            if res and any(action in [WAF_ACTIONS.BLOCK_ACTION, WAF_ACTIONS.REDIRECT_ACTION] for action in res.actions):
-                raise BlockingException(get_blocked())
 
     return False, None
 
@@ -406,6 +396,7 @@ def _on_django_process(result_user, mode, kwargs, pin, info_retriever, django_co
         user_extra["login"] = user_id
     user_id = user_id_found or user_id
     if result_user and in_asm_context() and result_user.is_authenticated:
+        set_user(pin.tracer, str(user_id), propagate=True, **user_extra)
         real_mode = mode if mode != LOGIN_EVENTS_MODE.AUTO else asm_config._user_event_mode
         custom_data = {
             "REQUEST_USER_ID": str(user_id) if user_id else None,
@@ -419,7 +410,4 @@ def _on_django_process(result_user, mode, kwargs, pin, info_retriever, django_co
 
 core.on("django.login", _on_django_login)
 core.on("django.auth", _on_django_auth, "user")
-core.on(
-    "django.process_request",
-    _on_django_process,
-)
+# core.on("django.process_request", _on_django_process)
diff --git a/tests/appsec/integrations/django_tests/test_django_appsec.py b/tests/appsec/integrations/django_tests/test_django_appsec.py
@@ -186,7 +186,7 @@ def test_django_login_sucess_identification(client, test_spans, tracer, use_logi
         assert get_user(client).is_authenticated
         login_span = test_spans.find_span(name="django.contrib.auth.login")
         assert login_span
-        assert login_span.get_tag(user.ID) == "1"
+        assert login_span.get_tag(user.ID) == "1", login_span.get_tag(user.ID)
         assert login_span.get_tag(APPSEC.USER_LOGIN_EVENT_PREFIX_PUBLIC + ".success.track") == "true"
         assert login_span.get_tag(APPSEC.AUTO_LOGIN_EVENTS_SUCCESS_MODE) == LOGIN_EVENTS_MODE.IDENT
         if use_login: