auth: fix auth paths

spejstore/settings.py

@@ -63,9 +63,9 @@ MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "whitenoise.middleware.WhiteNoiseMiddleware",
     "django.middleware.cache.UpdateCacheMiddleware",
-    "storage.middleware.is_authorized_or_in_lan_middleware",
     "django.middleware.gzip.GZipMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
+    "storage.middleware.is_authorized_or_in_lan_middleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",

storage/middleware.py

@@ -4,21 +4,22 @@ from storage.authentication import has_permission
 
 def is_authorized_or_in_lan_middleware(get_response):
     # One-time configuration and initialization.
+    login_paths_to_ignore = [
+          '/admin/login/'
+          '/complete/'
+    ]
 
     def middleware(request):
-        # Code to be executed for each request before
-        # the view (and later middleware) are called.
-
-        response = get_response(request)
         if request.user.is_authenticated:
-            return response
+            return get_response(request)
         is_within_lan = has_permission(request)
         if is_within_lan:
-            return response
+            return get_response(request)
         else:
-            raise PermissionDenied()
+            for login_path in login_paths_to_ignore:
-
+             if request.path.startswith(login_path):
-        # Code to be executed for each request/response after
+                    return get_response(request)
-        # the view is called.
+            else:
+                raise PermissionDenied()
 
     return middleware