auth: fix auth paths

This commit is contained in:
Dariusz Niemczyk 2023-09-09 15:43:23 +02:00
parent daea8dda22
commit f1335f0565
No known key found for this signature in database
2 changed files with 12 additions and 11 deletions

View File

@ -63,9 +63,9 @@ MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"whitenoise.middleware.WhiteNoiseMiddleware",
"django.middleware.cache.UpdateCacheMiddleware",
"storage.middleware.is_authorized_or_in_lan_middleware",
"django.middleware.gzip.GZipMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"storage.middleware.is_authorized_or_in_lan_middleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",

View File

@ -4,21 +4,22 @@ from storage.authentication import has_permission
def is_authorized_or_in_lan_middleware(get_response):
# One-time configuration and initialization.
login_paths_to_ignore = [
'/admin/login/'
'/complete/'
]
def middleware(request):
# Code to be executed for each request before
# the view (and later middleware) are called.
response = get_response(request)
if request.user.is_authenticated:
return response
return get_response(request)
is_within_lan = has_permission(request)
if is_within_lan:
return response
return get_response(request)
else:
for login_path in login_paths_to_ignore:
if request.path.startswith(login_path):
return get_response(request)
else:
raise PermissionDenied()
# Code to be executed for each request/response after
# the view is called.
return middleware