Re: [PATCH] pgarchives: Always load auth, even when using PUBLIC_ARCHIVES=True

Like this? (attached)

On 11/04/2023 11:13, Magnus Hagander wrote:
> On Sat, Apr 1, 2023 at 11:38 PM Célestin Matte <celestin(dot)matte(at)cmatte(dot)me> wrote:
>>
>> There's an issue in pgarchives with auth when using PUBLIC_ARCHIVES=True.
>> Even in public archives mode, auth is necessary as an antispam feature for downloading mbox, raw messages etc.
>> However, in public archives mode, auth is not loaded, except when setting ALLOW_RESEND=True. But that variable has a different purpose and the semantics is unclear.
>> Several solutions exist:
>> - adding a variable in settings to allow auth for these purposes
>> - always loading auth. This is the solution I used in attached patch.
>
>
> Ouch. That is definitely a think-o when I changed it to use this type
> of auth for antispam. Oops.
>
> I think at this point it would be more clear to just merge the changes
> up to where they are originally instead of adding them later, that is
> include things in MIDDLEWARE already in the static array.
>
> It might be, for cleanliness perspective and possible future
> expansion, good to keep the PGAUTH specific parts under an "if PGAUTH"
> or something like that, and then just hardcode that one to True for
> now. But things like session and authentication middleware are going
> to be needed regardless of which authentication method i sused.
>

--
Célestin Matte