From f1335f05650dae33afa15d2851c4c2c74cc2e112 Mon Sep 17 00:00:00 2001
From: Dariusz Niemczyk
Date: Sat, 9 Sep 2023 15:43:23 +0200
Subject: [PATCH] auth: fix auth paths
---
 spejstore/settings.py | 2 +-
 storage/middleware.py | 21 +++++++++++----------
 2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/spejstore/settings.py b/spejstore/settings.py
index 46e7d64..ecb1b77 100644
--- a/spejstore/settings.py
+++ b/spejstore/settings.py
@@ -63,9 +63,9 @@ MIDDLEWARE = [
 "django.middleware.security.SecurityMiddleware",
 "whitenoise.middleware.WhiteNoiseMiddleware",
 "django.middleware.cache.UpdateCacheMiddleware",
- "storage.middleware.is_authorized_or_in_lan_middleware",
 "django.middleware.gzip.GZipMiddleware",
 "django.contrib.sessions.middleware.SessionMiddleware",
+ "storage.middleware.is_authorized_or_in_lan_middleware",
 "django.middleware.common.CommonMiddleware",
 "django.middleware.csrf.CsrfViewMiddleware",
 "django.contrib.auth.middleware.AuthenticationMiddleware",
diff --git a/storage/middleware.py b/storage/middleware.py
index 13dc9d7..c805f9b 100644
--- a/storage/middleware.py
+++ b/storage/middleware.py
@@ -4,21 +4,22 @@ from storage.authentication import has_permission
 def is_authorized_or_in_lan_middleware(get_response):
 # One-time configuration and initialization.
+ login_paths_to_ignore = [
+ '/admin/login/'
+ '/complete/'
+ ]
 def middleware(request):
- # Code to be executed for each request before
- # the view (and later middleware) are called.
-
- response = get_response(request)
 if request.user.is_authenticated:
- return response
+ return get_response(request)
 is_within_lan = has_permission(request)
 if is_within_lan:
- return response
+ return get_response(request)
 else:
- raise PermissionDenied()
-
- # Code to be executed for each request/response after
- # the view is called.
+ for login_path in login_paths_to_ignore:
+ if request.path.startswith(login_path):
+ return get_response(request)
+ else:
+ raise PermissionDenied()
 return middleware
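Review bot: The new position of `storage.middleware.is_authorized_or_in_lan_middleware` is still above `django.contrib.auth.middleware.AuthenticationMiddleware`, while the middleware hunk in this same patch now reads `request.user.is_authenticated` before calling `get_response`. `request.user` is normally attached by AuthenticationMiddleware, so at this position the attribute is likely missing and the check would fail with an AttributeError instead of making an authorization decision. Moving the entry to the line directly after `"django.contrib.auth.middleware.AuthenticationMiddleware",` would give the gate a populated `request.user`. The MIDDLEWARE list continues outside the hunk, so confirm nothing further down depends on the current order.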
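Review bot: The two added entries of `login_paths_to_ignore` have no comma between them, so Python joins the adjacent literals and the list holds the single string `'/admin/login//complete/'`; no request path starts with that, so unauthenticated clients outside the LAN still get `PermissionDenied` on the login pages. Write the entries as `'/admin/login/',` and `'/complete/',`. Indentation is lost on this page, so it is unclear whether the trailing `else:` pairs with the `if` or the `for`; if it pairs with the `if`, the loop raises on the first non-matching prefix and never tests the second. Using `if request.path.startswith(tuple(login_paths_to_ignore)): return get_response(request)` followed by an unconditional `raise PermissionDenied()` removes that ambiguity. Because this is prefix matching, every route under those prefixes skips the LAN/auth gate, so a comment such as `# Prefixes exempt from the LAN/auth gate; keep limited to login-flow routes.` above the list would help.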