On Sat, Apr 1, 2023 at 11:38 PM Célestin Matte <celestin.matte@cmatte.me> wrote:
>
> There's an issue in pgarchives with auth when using PUBLIC_ARCHIVES=True.
> Even in public archives mode, auth is necessary as an antispam feature for downloading mbox, raw messages etc.
> However, in public archives mode, auth is not loaded, except when setting ALLOW_RESEND=True. But that variable has a
differentpurpose and the semantics is unclear.
> Several solutions exist:
> - adding a variable in settings to allow auth for these purposes
> - always loading auth. This is the solution I used in attached patch.
Ouch. That is definitely a think-o when I changed it to use this type
of auth for antispam. Oops.
I think at this point it would be more clear to just merge the changes
up to where they are originally instead of adding them later, that is
include things in MIDDLEWARE already in the static array.
It might be, for cleanliness perspective and possible future
expansion, good to keep the PGAUTH specific parts under an "if PGAUTH"
or something like that, and then just hardcode that one to True for
now. But things like session and authentication middleware are going
to be needed regardless of which authentication method i sused.
--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/