middleware.py 1.9 KB
from re import compile

from django.conf import settings
from django.http import HttpResponseRedirect, HttpResponse
from django.utils.deprecation import MiddlewareMixin
from rest_framework import permissions

# Compiled regular expressions for the paths anonymous users may reach.
# Leading slashes are stripped from each configured pattern, so patterns are
# written relative to the site root. The list stays empty when the setting
# is absent.
EXEMPT_URLS = [
    compile(pattern.lstrip("/"))
    for pattern in getattr(settings, "LOGIN_EXEMPT_URLS", ())
]

# Allow-list of HTTP methods: DRF's read-only methods plus the three
# state-changing ones listed here.
AUTHORIZED_REQUEST_METHODS = [*permissions.SAFE_METHODS, "POST", "PUT", "DELETE"]


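class RexDriRequestMiddleware(MiddlewareMixin):
    """
    Gate every incoming request on its HTTP method and on authentication.

    - It checks that the HTTP request method is authorized on the platform
      (see AUTHORIZED_REQUEST_METHODS). Any other method is answered with a
      401 response before the authentication check runs.

    - It requires a user to be authenticated to view any page. Exemptions to
      this requirement can optionally be specified in settings via a list of
      regular expressions in LOGIN_EXEMPT_URLS (which you can copy from your
      urls.py).

    Security notes:

    - Exempt patterns are applied with ``re.match`` to the request path with
      its leading slashes stripped, so they are anchored at the start only.
      A pattern without a trailing ``$`` exempts every path that begins with
      it; keep the entries as narrow as possible.
    - This class does not special-case LOGIN_URL: anonymous users can reach
      the login page only if a LOGIN_EXEMPT_URLS pattern matches it.

    Requires authentication middleware and template context processors to be
    loaded. You'll get an error if they aren't.
    """

    def process_request(self, request):
        """
        Reject unauthorized methods and send anonymous users to the login page.

        Returns an ``HttpResponse`` with status 401 when the method is not in
        AUTHORIZED_REQUEST_METHODS, an ``HttpResponseRedirect`` to
        ``settings.LOGIN_URL`` when the user is anonymous and the path is not
        exempt, and ``None`` otherwise so that request processing continues.

        Raises ``AssertionError`` when ``request.user`` is missing.
        """
        # Function-scope import: the file-level import block is left untouched.
        from urllib.parse import quote

        # Check that the request.method is authorized on the site.
        # NOTE(review): 401 conventionally signals missing authentication; 405
        # with an Allow header is the usual answer to a rejected method. The
        # status is kept as-is because clients may already depend on it.
        if request.method not in AUTHORIZED_REQUEST_METHODS:
            return HttpResponse("Unauthorized", status=401)

        # Raised explicitly rather than with an `assert` statement so that the
        # check is not stripped when Python runs with -O.
        if not hasattr(request, "user"):
            raise AssertionError(
                "The RexDriRequestMiddleware"
                " requires authentication middleware to be installed. Edit your"
                " MIDDLEWARE_CLASSES setting to insert"
                " 'django.contrib.auth.middleware.AuthenticationMiddleware'."
                " If that doesn't"
                " work, ensure your TEMPLATE_CONTEXT_PROCESSORS setting includes"
                " 'django.core.context_processors.auth'."
            )

        # If the user is not authenticated redirect him/her to the login page
        if not request.user.is_authenticated:
            # Stripping every leading slash and re-adding exactly one below
            # means the `next` value never starts with "//".
            path = request.path_info.lstrip("/")
            if not any(m.match(path) for m in EXEMPT_URLS):
                # The path is client-controlled: percent-encode it so that
                # characters such as "&", "#" or "?" cannot add parameters to
                # the login URL or truncate the `next` value. Only the path
                # is carried over; the original query string is not.
                # The login view should still validate `next` before it
                # redirects to it.
                return HttpResponseRedirect(
                    settings.LOGIN_URL + "?next=" + quote("/" + path)
                )

        return None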