pmuller · elwinarens · Jun 21, 2018
diff --git a/django_crowd_auth/backends.py b/django_crowd_auth/backends.py
@@ -7,6 +7,7 @@
 
 from django_crowd_auth.client import Client
 from django_crowd_auth import user
+from requests.exceptions import ConnectionError
 
 
 LOGGER = logging.getLogger(__name__)
@@ -19,16 +20,25 @@ class Backend(ModelBackend):
     def authenticate(self, request, **credentials):
         """Authenticate an user.
         """
-        client = Client.from_settings()
-        remote_addr = request.META['REMOTE_ADDR']
-
-        if 'token' in credentials:
-            session = client.validate_session(
-                credentials['token'], remote_addr)
-        elif 'username' in credentials and 'password' in credentials:
-            session = client.get_session(
-                credentials['username'], credentials['password'], remote_addr)
-        else:
+
+        try:
+            # Only try and init cookie config if it is None
+            client = Client.from_settings()
+            if client.cookie_config is None:
+                client.init_cookie_config()
+
+            remote_addr = request.META['REMOTE_ADDR']
+            if 'token' in credentials:
+                session = client.validate_session(
+                    credentials['token'], remote_addr)
+            elif 'username' in credentials and 'password' in credentials:
+                session = client.get_session(
+                    credentials['username'], credentials['password'],
+                    remote_addr)
+        except ConnectionError as ex:
+            LOGGER.exception(ex)
+            if getattr(settings, 'CROWD_RAISE_CONNECTION_ERROR', True):
+                raise ex
             session = None
 
         if session:

diff --git a/django_crowd_auth/client.py b/django_crowd_auth/client.py
@@ -6,14 +6,21 @@ class Client(crowd.CrowdServer):
     """Crowd client.
     """
 
-    def get_cookie_config(self):
+    cookie_config = None
+
+    def init_cookie_config(self):
         """Get Crowd's cookie configuration.
         """
         url = self.rest_url + '/config/cookie.json'
         response = self._get(url)
-
         if response.ok:
-            return response.json()
+            Client.cookie_config = self.cookie_config = response.json()
+            assert 'domain' in self.cookie_config, \
+                'Missing crowd cookie config property domain'
+            assert 'name' in self.cookie_config, \
+                'Missing crowd cookie config property name'
+            assert 'secure' in self.cookie_config, \
+                'Missing crowd cookie config property secure'
 
     @classmethod
     def from_settings(cls):

diff --git a/django_crowd_auth/middlewares.py b/django_crowd_auth/middlewares.py
@@ -13,16 +13,15 @@
 def sso(get_response):
     """Crowd SSO middleware.
     """
-    client = Client.from_settings()
-    cookie_config = client.get_cookie_config()
-    cookie_name = cookie_config['name']
-    cookie_domain = cookie_config['domain']
-    cookie_secure = cookie_config['secure']
-    LOGGER.debug('Crowd cookie config %r', cookie_config)
 
     def middleware(request):
         """Authenticate users having a Crowd cookie.
         """
+        if Client.cookie_config is None:
+            return get_response(request)
+
+        cookie_config = Client.cookie_config
+
         crowd_session_last_validation = \
             request.session.get('crowd_session_last_validation')
 
@@ -40,7 +39,7 @@ def middleware(request):
                     request.user.username)
                 logout(request)
 
-        cookie_token = request.COOKIES.get(cookie_name)
+        cookie_token = request.COOKIES.get(cookie_config.get('name'))
 
         if not request.user.is_authenticated and cookie_token:
             LOGGER.debug('Trying to auth from cookie %s', cookie_token)
@@ -60,13 +59,15 @@ def middleware(request):
                 cookie_token = request.session['crowd_session_token']
 
             response.set_cookie(
-                key=cookie_name, value=cookie_token,
+                key=cookie_config.get('name'), value=cookie_token,
                 max_age=None, expires=crowd_session_expiry, path='/',
-                domain=cookie_domain, secure=cookie_secure, httponly=True)
+                domain=cookie_config.get('domain'),
+                secure=cookie_config.get('secure'), httponly=True)
 
         else:
             response.delete_cookie(
-                key=cookie_name, path='/', domain=cookie_domain)
+                key=cookie_config.get('name'), path='/',
+                domain=cookie_config.get('domain'))
 
         return response