From ee3299223ab811a12d96937e2d323eacf0b6e42b Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Wed, 20 Jan 2021 18:14:22 +0000
Subject: [PATCH] web/quotes: require login for all pages
...except things under /accounts/, because I generally just trust that to do access control for me.
---
 web/quotes/quotesapp/middleware.py | 15 +++++++++++++++
 web/quotes/quotesapp/settings.py | 1 +
 web/quotes/quotesapp/urls.py | 5 ++---
 web/quotes/templates/account/logged_out.html | 6 ++++++
 web/quotes/templates/base.html | 1 +
 5 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 web/quotes/quotesapp/middleware.py
 create mode 100644 web/quotes/templates/account/logged_out.html
diff --git a/web/quotes/quotesapp/middleware.py b/web/quotes/quotesapp/middleware.py
new file mode 100644
index 0000000000..8e0c253955
--- /dev/null
+++ b/web/quotes/quotesapp/middleware.py
@@ -0,0 +1,15 @@
+from django.contrib.auth.decorators import login_required
+
+
+class LoginRequiredMiddleware:
+ def __init__(self, get_response):
+ self.get_response = get_response
+
+ def is_open_url(self, path_info):
+ return path_info.startswith('/accounts/')
+
+ def __call__(self, request):
+ if not self.is_open_url(request.path_info):
+ return login_required()(self.get_response)(request)
+
+ return self.get_response(request)
diff --git a/web/quotes/quotesapp/settings.py b/web/quotes/quotesapp/settings.py
index b147ce54ca..1f75d59836 100644
--- a/web/quotes/quotesapp/settings.py
+++ b/web/quotes/quotesapp/settings.py
@@ -60,6 +60,7 @@ MIDDLEWARE = [
 "django.contrib.auth.middleware.AuthenticationMiddleware",
 "django.contrib.messages.middleware.MessageMiddleware",
 "django.middleware.clickjacking.XFrameOptionsMiddleware",
+ "quotes.quotesapp.middleware.LoginRequiredMiddleware",
 ]
 ROOT_URLCONF = "quotes.quotesapp.urls"
diff --git a/web/quotes/quotesapp/urls.py b/web/quotes/quotesapp/urls.py
index 4cd14ec42a..cf3439cde8 100644
--- a/web/quotes/quotesapp/urls.py
+++ b/web/quotes/quotesapp/urls.py
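Review bot: `is_open_url` in the new middleware.py exempts every path that starts with `/accounts/`, so the allow-list is a bare string prefix and any view later mounted under it (the `accounts/logged_out/` TemplateView added in urls.py is the first) is reachable anonymously unless it enforces its own access control. Nothing in the class records that contract; I would add a class docstring such as `"""Redirect anonymous users to the login page for every path outside /accounts/, which is left to allauth."""` and, above the `startswith` line, `# Fail-open prefix: anything routed under /accounts/ must do its own access control.`. The check goes through `login_required`, which reads `request.user`, so the middleware has to stay listed after `AuthenticationMiddleware` as the settings.py hunk has it; a one-line comment there would keep a later reorder from breaking it. A small test asserting that an anonymous request outside `/accounts/` is redirected would pin the behaviour.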
@@ -16,15 +16,14 @@ Including another URLconf
 from django.contrib import admin
 from django.contrib.auth.decorators import login_required
 from django.urls import include, re_path, path
+from django.views.generic import TemplateView
 import allauth.urls
 import quotes.quotedb.urls
-# Monkeypatch the login_required decorator onto /admin.
-admin.site.login = login_required(admin.site.login)
-
 urlpatterns = [
 path("admin/", admin.site.urls),
 path("accounts/", include(allauth.urls)),
+ path("accounts/logged_out/", TemplateView.as_view(template_name='account/logged_out.html')),
 re_path(r"", include(quotes.quotedb.urls)),
 ]
diff --git a/web/quotes/templates/account/logged_out.html b/web/quotes/templates/account/logged_out.html
new file mode 100644
index 0000000000..6970533e83
--- /dev/null
+++ b/web/quotes/templates/account/logged_out.html
@@ -0,0 +1,6 @@
+{% extends "alert.html" %}
+
+{% block title %}Logged out{% endblock %}
+
+{% block content_title %}Logged Out{% endblock %}
+{% block content_text %}Bye, I guess.{% endblock %}
diff --git a/web/quotes/templates/base.html b/web/quotes/templates/base.html
index decfbbf79f..53208eec92 100644
--- a/web/quotes/templates/base.html
+++ b/web/quotes/templates/base.html
@@ -24,6 +24,7 @@ {% if user.is_authenticated %}
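Review bot: In the urls.py hunk, the `from django.contrib.auth.decorators import login_required` import kept as context appears to be unused once the `admin.site.login` monkeypatch is removed, and can be dropped if nothing outside the hunk references it. With that wrapper gone, the admin login form is kept behind the site login only while `LoginRequiredMiddleware` stays in `MIDDLEWARE`, and nothing in this file says so. I would add a comment above `urlpatterns`, for example `# Login is enforced globally by quotesapp.middleware.LoginRequiredMiddleware; only accounts/ is exempt.`, so that the new `accounts/logged_out/` route is visibly public by design rather than by accident.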
{% csrf_token %} +
{% else %}