Re-raise/wrap auth attribute errors

Author: Ryan P Kilby

rest_framework/request.py

@@ -11,6 +11,7 @@
 from __future__ import unicode_literals
 
 import sys
+from contextlib import contextmanager
 
 from django.conf import settings
 from django.http import QueryDict
@@ -61,6 +62,24 @@ def __exit__(self, *args, **kwarg):
         self.view.action = self.action
 
 
+class WrappedAttributeError(Exception):
+    pass
+
+
+@contextmanager
+def wrap_attributeerrors():
+    """
+    Used to re-raise AttributeErrors caught during authentication, preventing
+    these errors from otherwise being handled by the attribute access protocol.
+    """
+    try:
+        yield
+    except AttributeError:
+        info = sys.exc_info()
+        exc = WrappedAttributeError(str(info[1]))
+        six.reraise(type(exc), exc, info[2])
+
+
 class Empty(object):
     """
     Placeholder for unset attributes.
@@ -193,7 +212,8 @@ def user(self):
         by the authentication classes provided to the request.
         """
         if not hasattr(self, '_user'):
-            self._authenticate()
+            with wrap_attributeerrors():
+                self._authenticate()
         return self._user
 
     @user.setter
@@ -216,7 +236,8 @@ def auth(self):
         request, such as an authentication token.
         """
         if not hasattr(self, '_auth'):
-            self._authenticate()
+            with wrap_attributeerrors():
+                self._authenticate()
         return self._auth
 
     @auth.setter
@@ -235,7 +256,8 @@ def successful_authenticator(self):
         to authenticate the request, or `None`.
         """
         if not hasattr(self, '_authenticator'):
-            self._authenticate()
+            with wrap_attributeerrors():
+                self._authenticate()
         return self._authenticator
 
     def _load_data_and_files(self):
@@ -317,7 +339,7 @@ def _parse(self):
 
         try:
             parsed = parser.parse(stream, media_type, self.parser_context)
-        except:
+        except Exception:
             # If we get an exception during parsing, fill in empty data and
             # re-raise.  Ensures we don't simply repeat the error when
             # attempting to render the browsable renderer response, or when
@@ -380,11 +402,6 @@ def __getattribute__(self, attr):
         try:
             return super(Request, self).__getattribute__(attr)
         except AttributeError:
-            # Do not proxy attribute access for `user` and `auth`, as this
-            # potentially hides AttributeError's raised in `_authenticate`.
-            if attr in ['user', 'auth']:
-                raise
-
             info = sys.exc_info()
             try:
                 return getattr(self._request, attr)

tests/test_request.py

@@ -19,7 +19,7 @@
 from rest_framework import status
 from rest_framework.authentication import SessionAuthentication
 from rest_framework.parsers import BaseParser, FormParser, MultiPartParser
-from rest_framework.request import Request
+from rest_framework.request import Request, WrappedAttributeError
 from rest_framework.response import Response
 from rest_framework.test import APIClient, APIRequestFactory
 from rest_framework.views import APIView
@@ -227,10 +227,10 @@ def authenticate(self, request):
 
         # The DRF request object does not have a user and should run authenticators
         expected = r"no attribute 'MISSPELLED_NAME_THAT_DOESNT_EXIST'"
-        with pytest.raises(AttributeError, match=expected):
+        with pytest.raises(WrappedAttributeError, match=expected):
             request.user
 
-        with pytest.raises(AttributeError, match=expected):
+        with pytest.raises(WrappedAttributeError, match=expected):
             login(request, self.user)