From c67c401f89683ec5e1ad51fcc7291bb6fdbede74 Mon Sep 17 00:00:00 2001
From: Feanil Patel <feanil@edx.org>
Date: Mon, 22 Mar 2021 14:44:52 -0400
Subject: [PATCH] temp: remove false positives on safe sessions middleware
 (#27105)

* temp: remove false positives on safe sessions middleware

This is a temporary fix to deal with false positives in the system due
to the masquerading feature.  Long term we may not want to rely on
knowing about how masquerding works in the safe sessions middleware and
instead manage masquerding of the requset user in some other way.

Co-authored-by: Robert Raposa <rraposa@edx.org>
---
 openedx/core/djangoapps/safe_sessions/middleware.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/openedx/core/djangoapps/safe_sessions/middleware.py b/openedx/core/djangoapps/safe_sessions/middleware.py
index a290745c4c..94ff67adef 100644
--- a/openedx/core/djangoapps/safe_sessions/middleware.py
+++ b/openedx/core/djangoapps/safe_sessions/middleware.py
@@ -368,6 +368,10 @@ class SafeSessionMiddleware(SessionMiddleware, MiddlewareMixin):
         given userid_in_session.
         """
         if hasattr(request, 'safe_cookie_verified_user_id'):
+            if hasattr(request.user, 'real_user'):
+                # If a view overrode the request.user with a masqueraded user, this will
+                #   revert/clean-up that change during response processing.
+                request.user = request.user.real_user
             if request.safe_cookie_verified_user_id != request.user.id:
                 # The user at response time is expected to be None when the user
                 # is logging out. To prevent extra noise in the logs,