From 43004e3ffa344ca50b2ee9b0d5a83c16325978d8 Mon Sep 17 00:00:00 2001
From: JensDiemer
Date: Fri, 8 Jan 2021 10:34:00 +0100
Subject: [PATCH 1/2] Bugfix #7 CSRF verification failed on POST requests
We must persist user in the session, after update.
---
 django_ynh/sso_auth/auth_middleware.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/django_ynh/sso_auth/auth_middleware.py b/django_ynh/sso_auth/auth_middleware.py
index 839aa99..a3f4da2 100644
--- a/django_ynh/sso_auth/auth_middleware.py
+++ b/django_ynh/sso_auth/auth_middleware.py
@@ -3,6 +3,8 @@ import logging
 from axes.exceptions import AxesBackendPermissionDenied
 from django.conf import settings
+from django.contrib import auth
+from django.contrib.auth import get_user_model
 from django.contrib.auth.middleware import RemoteUserMiddleware
 from django_ynh.sso_auth.user_profile import call_setup_user, update_user_profile
@@ -11,6 +13,9 @@ from django_ynh.sso_auth.user_profile import call_setup_user, update_user_profil
 logger = logging.getLogger(__name__)
+UserModel = get_user_model()
+
+
 class SSOwatRemoteUserMiddleware(RemoteUserMiddleware):
 """
 Middleware to login a user via HTTP_REMOTE_USER header.
@@ -63,12 +68,12 @@ class SSOwatRemoteUserMiddleware(RemoteUserMiddleware):
 # Also check 'HTTP_AUTHORIZATION', but only the username ;)
 try:
- auth = request.META['HTTP_AUTHORIZATION']
+ authorization = request.META['HTTP_AUTHORIZATION']
 except KeyError:
 logger.error('HTTP_AUTHORIZATION missing!')
 raise AxesBackendPermissionDenied('No HTTP_AUTHORIZATION')
- scheme, creds = auth.split(' ', 1)
+ scheme, creds = authorization.split(' ', 1)
 if scheme.lower() != 'basic':
 logger.error('HTTP_AUTHORIZATION with %r not supported', scheme)
 raise AxesBackendPermissionDenied('HTTP_AUTHORIZATION scheme not supported')
@@ -84,3 +89,8 @@ class SSOwatRemoteUserMiddleware(RemoteUserMiddleware):
 user = update_user_profile(request, user)
 user = call_setup_user(user=user)
+ assert isinstance(user, UserModel)
+
+ # persist user in the session
+ request.user = user
+ auth.login(request, user)
From 0e30eb76a44b76dbdd96e64868415cdd770259cc Mon Sep 17 00:00:00 2001
From: JensDiemer
Date: Fri, 8 Jan 2021 11:08:18 +0100
Subject: [PATCH 2/2] prepare v0.1.4 release
---
 README.md | 4 +++-
 django_ynh/__init__.py | 2 +-
 manifest.json | 2 +-
 pyproject.toml | 2 +-
 scripts/_common.sh | 2 +-
 5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 3f20692..545651d 100644
--- a/README.md
+++ b/README.md
@@ -121,8 +121,10 @@ Notes:
 ## history
-* [compare v0.1.3...master](https://github.com/YunoHost-Apps/django_ynh/compare/v0.1.3...master) **dev**
+* [compare v0.1.4...master](https://github.com/YunoHost-Apps/django_ynh/compare/v0.1.4...master) **dev**
 * tbc
+* [v0.1.4 - 08.01.2021](https://github.com/YunoHost-Apps/django_ynh/compare/v0.1.3...v0.1.4)
+ * Bugfix [CSRF verification failed on POST requests #7](https://github.com/YunoHost-Apps/django_ynh/issues/7)
 * [v0.1.3 - 08.01.2021](https://github.com/YunoHost-Apps/django_ynh/compare/v0.1.2...v0.1.3)
 * set "DEBUG = True" in local_test (so static files are served and auth works)
 * Bugfixes and cleanups
diff --git a/django_ynh/__init__.py b/django_ynh/__init__.py
index 8ce9b36..7525d19 100644
--- a/django_ynh/__init__.py
+++ b/django_ynh/__init__.py
@@ -1 +1 @@
-__version__ = '0.1.3'
+__version__ = '0.1.4'
diff --git a/manifest.json b/manifest.json
index 7c3182d..b4c7049 100644
--- a/manifest.json
+++ b/manifest.json
@@ -5,7 +5,7 @@
 "description": {
 "en": "Glue code to package django projects as yunohost apps."
 },
- "version": "0.1.3~ynh1",
+ "version": "0.1.4~ynh1",
 "url": "https://github.com/jedie/django_ynh",
 "license": "GPL-3.0",
 "maintainer": {
diff --git a/pyproject.toml b/pyproject.toml
index e8bd4e9..6ac0e66 100644
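Review bot: In the last hunk of django_ynh/sso_auth/auth_middleware.py (`@@ -84,3 +89,8 @@`), the only guard on what `call_setup_user()` returns before it is logged in is an `assert`, which Python drops under `-O`/`PYTHONOPTIMIZE`, so the type check can silently disappear in an optimized deployment. An explicit check keeps it in every run mode, e.g. `if not isinstance(user, UserModel): raise TypeError(f'call_setup_user returned {type(user)!r}')`. Separately, `auth.login(request, user)` is called without `backend=`; if more than one backend is listed in `AUTHENTICATION_BACKENDS` (the axes import suggests this may be the case), Django raises `ValueError` unless `user.backend` is already set, so the call relies on `update_user_profile()` and `call_setup_user()` handing back the same authenticated instance. That dependency deserves a comment, or pass `backend=` explicitly. The enclosing method starts outside the hunk, so it is not visible whether this runs once per login or on every request; `login()` rotates the CSRF token on each call, which matters for the bug being fixed if it is the latter.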
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "django_ynh"
-version = "0.1.3"
+version = "0.1.4"
 description = "Glue code to package django projects as yunohost apps."
 authors = ["JensDiemer "]
 license = "GPL"
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 2dcb62e..bf80263 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -28,7 +28,7 @@ log_file="${log_path}/django_ynh.log"
 pkg_dependencies="build-essential python3-dev python3-pip python3-venv git postgresql postgresql-contrib"
 # To install/upgrade this project via pip:
-pip_install_string="django_ynh==0.1.3"
+pip_install_string="django_ynh==0.1.4"
 #=================================================
 # Redis HELPERS