SocialAuthExceptionMiddleware.process_exception begins with:
24: self.strategy = getattr(request, 'social_strategy', None)
25: if self.strategy is None or self.raise_exception(request, exception):
26: return
Because middleware objects are not instantiated per request, assigning to self.strategy is unsafe.
Assume an exception is raised from python-social-auth in one thread, and another exception unrelated to python-social-auth is raised in another thread. The following sequence is possible:
Thread 1 executes line 24 (assigning a value to self.strategy)
Thread 2 executes line 24 (assigning None to self.strategy)
Thread 1 executes line 25, and thus incorrectly chooses to return rather than process the exception
SocialAuthExceptionMiddleware.process_exception begins with:
Because middleware objects are not instantiated per request, assigning to self.strategy is unsafe.
Assume an exception is raised from python-social-auth in one thread, and another exception unrelated to python-social-auth is raised in another thread. The following sequence is possible:
Thread 1 executes line 24 (assigning a value to self.strategy)
Thread 2 executes line 24 (assigning None to self.strategy)
Thread 1 executes line 25, and thus incorrectly chooses to return rather than process the exception