From 6c0c2a77c9aa2996a4d68116e51325701a11d1bb Mon Sep 17 00:00:00 2001 From: Neel Shah Date: Wed, 7 Jan 2026 16:50:01 +0100 Subject: [PATCH] Fix user handling for django ASGI --- tests/integrations/django/asgi/test_asgi.py | 48 +++++++++++++++++++++ tests/integrations/django/myapp/urls.py | 3 ++ tests/integrations/django/myapp/views.py | 13 ++++++ 3 files changed, 64 insertions(+) diff --git a/tests/integrations/django/asgi/test_asgi.py b/tests/integrations/django/asgi/test_asgi.py index f956d12f82..00907c9d59 100644 --- a/tests/integrations/django/asgi/test_asgi.py +++ b/tests/integrations/django/asgi/test_asgi.py @@ -9,10 +9,12 @@ import django import pytest from channels.testing import HttpCommunicator + from sentry_sdk import capture_message from sentry_sdk.integrations.django import DjangoIntegration from sentry_sdk.integrations.django.asgi import _asgi_middleware_mixin_factory from tests.integrations.django.myapp.asgi import channels_application +from tests.integrations.django.utils import pytest_mark_django_db_decorator try: from django.urls import reverse @@ -737,3 +739,49 @@ async def test_transaction_http_method_custom(sentry_init, capture_events, appli (event1, event2) = events assert event1["request"]["method"] == "OPTIONS" assert event2["request"]["method"] == "HEAD" + + +@pytest.mark.asyncio +@pytest.mark.forked +@pytest_mark_django_db_decorator() +@pytest.mark.skipif( + django.VERSION < (3, 0), reason="Django ASGI support shipped in 3.0" +) +async def test_user_pii_in_asgi_with_auth(sentry_init, capture_events, settings): + settings.MIDDLEWARE = [ + "django.contrib.sessions.middleware.SessionMiddleware", + "django.contrib.auth.middleware.AuthenticationMiddleware", + ] + + asgi_application.load_middleware(is_async=True) + + sentry_init( + integrations=[DjangoIntegration()], + send_default_pii=True, + ) + + events = capture_events() + + comm = HttpCommunicator(asgi_application, "GET", "/async_mylogin") + response = await comm.get_response() + await comm.wait() + + assert response["status"] == 200 + + # Get session cookie from login response + set_cookie = next(v for k, v in response["headers"] if k.lower() == b"set-cookie") + headers = [(b"cookie", set_cookie)] + + comm = HttpCommunicator(asgi_application, "GET", "/async_message", headers=headers) + response = await comm.get_response() + await comm.wait() + + assert response["status"] == 200 + + (event,) = events + assert event["message"] == "hi" + assert event["user"] == { + "email": "lennon@thebeatles.com", + "username": "john_async", + "id": "1", + } diff --git a/tests/integrations/django/myapp/urls.py b/tests/integrations/django/myapp/urls.py index 26d5a1bf2c..5dd12331e1 100644 --- a/tests/integrations/django/myapp/urls.py +++ b/tests/integrations/django/myapp/urls.py @@ -110,6 +110,9 @@ def path(path, *args, **kwargs): ] # async views +if views.async_mylogin is not None: + urlpatterns.append(path("async_mylogin", views.async_mylogin, name="async_mylogin")) + if views.async_message is not None: urlpatterns.append(path("async_message", views.async_message, name="async_message")) diff --git a/tests/integrations/django/myapp/views.py b/tests/integrations/django/myapp/views.py index 6d199a3740..4e5524eed4 100644 --- a/tests/integrations/django/myapp/views.py +++ b/tests/integrations/django/myapp/views.py @@ -136,6 +136,19 @@ def mylogin(request): return HttpResponse("ok") +@csrf_exempt +async def async_mylogin(request): + user = await User.objects.acreate_user( + "john_async", "lennon@thebeatles.com", "johnpassword" + ) + user.backend = "django.contrib.auth.backends.ModelBackend" + + from django.contrib.auth import alogin + + await alogin(request, user) + return HttpResponse("ok") + + @csrf_exempt def handler500(request): return HttpResponseServerError("Sentry error.")