From d4aa335a50c0586f2352997e6173a227c0576454 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 9 Apr 2015 12:59:33 +0200
Subject: [PATCH 2/3] Set a request id on all requests (#6922)

The request id is extracted from an header set using the
REQUEST_ID_HEADER setting or generated using the default Python random
number generator.
---
 src/authentic2/middleware.py | 14 ++++++++++++++
 src/authentic2/settings.py   |  1 +
 2 files changed, 15 insertions(+)

diff --git a/src/authentic2/middleware.py b/src/authentic2/middleware.py
index 88fc8f8..cc109ce 100644
--- a/src/authentic2/middleware.py
+++ b/src/authentic2/middleware.py
@@ -1,10 +1,12 @@
 import logging
 import datetime
+import random
+import struct
 try:
     import threading
 except ImportError:
     threading = None
 
 from django.conf import settings
 from django.contrib import messages
 from django.utils.translation import ugettext as _
@@ -103,16 +105,28 @@ class OpenedSessionCookieMiddleware(object):
                     max_age=None,
                     domain=app_settings.A2_OPENED_SESSION_COOKIE_DOMAIN)
         elif app_settings.A2_OPENED_SESSION_COOKIE_NAME in request.COOKIES:
             response.delete_cookie(
                     app_settings.A2_OPENED_SESSION_COOKIE_NAME,
                     domain=app_settings.A2_OPENED_SESSION_COOKIE_DOMAIN)
         return response
 
+class RequestIdMiddleware(object):
+    def process_request(self, request):
+        if not hasattr(request, 'request_id'):
+            request_id_header = getattr(settings, 'REQUEST_ID_HEADER', None)
+            if request_id_header and request.META.get(request_id_header):
+                request.request_id = request.META[request_id_header]
+            else:
+                # Use Mersennes Twister rng, no need for a cryptographic grade
+                # rng in this case
+                random_id = random.getrandbits(32)
+                request.request_id = struct.pack('I', random_id).encode('hex')
+
 class StoreRequestMiddleware(object):
     collection = {}
 
     def process_request(self, request):
         StoreRequestMiddleware.collection[threading.currentThread()] = request
 
     def process_response(self, request, response):
         StoreRequestMiddleware.collection.pop(threading.currentThread(), None)
diff --git a/src/authentic2/settings.py b/src/authentic2/settings.py
index 1152c9c..096766d 100644
--- a/src/authentic2/settings.py
+++ b/src/authentic2/settings.py
@@ -49,16 +49,17 @@ TEMPLATE_CONTEXT_PROCESSORS = (
     'django.core.context_processors.request',
     'django.contrib.messages.context_processors.messages',
     'django.core.context_processors.static',
     'authentic2.context_processors.a2_processor',
     'sekizai.context_processors.sekizai',
 )
 
 MIDDLEWARE_CLASSES = (
+    'authentic2.middleware.RequestIdMiddleware',
     'authentic2.middleware.LoggingCollectorMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.http.ConditionalGetMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
-- 
1.9.1