From 1f0d5ad4e9022005de93eeea43182250b7852942 Mon Sep 17 00:00:00 2001
From: anthony sottile <103459774+asottile-sentry@users.noreply.github.com>
Date: Fri, 31 Jan 2025 15:44:47 -0500
Subject: [PATCH] ref: fix AttributeError on request.auth when request is
 rejected by a middleware (#84386)

resolves SENTRY-3N0J



<!-- Describe your PR here. -->
---
 src/sentry/middleware/access_log.py                   |  4 +++-
 tests/sentry/middleware/test_access_log_middleware.py | 11 ++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/sentry/middleware/access_log.py b/src/sentry/middleware/access_log.py
index ff23e6d647393f..4cec80d898f8ae 100644
--- a/src/sentry/middleware/access_log.py
+++ b/src/sentry/middleware/access_log.py
@@ -32,7 +32,9 @@ def get_request_duration(self) -> float:
 def _get_request_auth(request: Request) -> AuthenticatedToken | None:
     if request.path_info.startswith(settings.ANONYMOUS_STATIC_PREFIXES):
         return None
-    return request.auth
+    # may not be present if request was rejected by a middleware between this
+    # and the auth middleware
+    return getattr(request, "auth", None)
 
 
 def _get_token_name(auth: AuthenticatedToken | None) -> str | None:
diff --git a/tests/sentry/middleware/test_access_log_middleware.py b/tests/sentry/middleware/test_access_log_middleware.py
index 46ec21299bde7c..07920cba7fae4a 100644
--- a/tests/sentry/middleware/test_access_log_middleware.py
+++ b/tests/sentry/middleware/test_access_log_middleware.py
@@ -200,7 +200,6 @@ class TestAccessLogSuccess(LogCaptureAPITestCase):
 
     def test_access_log_success(self):
         self._caplog.set_level(logging.INFO, logger="sentry")
-        token = None
         with assume_test_silo_mode(SiloMode.CONTROL):
             token = ApiToken.objects.create(user=self.user, scope_list=["event:read", "org:read"])
         self.login_as(user=self.create_user())
@@ -210,6 +209,16 @@ def test_access_log_success(self):
         assert tested_log.token_type == "api_token"
         assert tested_log.token_last_characters == token.token_last_characters
 
+    def test_with_subdomain_redirect(self):
+        # the subdomain middleware is in between this and the access log middelware
+        # meaning if a request is rejected between those then it will not have `auth`
+        # set up properly
+        # this previously logged an error to sentry
+        resp = self.get_response(extra_headers={"HTTP_HOST": "invalid_domain.testserver"})
+        assert resp.status_code == 302
+        records = [record for record in self._caplog.records if record.levelno == logging.ERROR]
+        assert not records  # no errors should occur
+
 
 @all_silo_test
 @override_settings(LOG_API_ACCESS=False)