auth: require necessary authentication or in lan

The middleware was not written properly; it now requires authentication or
being in the LAN for read access, and otherwise redirects to the login page.
Dariusz Niemczyk 2023-09-09 15:43:23 +02:00
parent 3c3ba16811
commit f8b3dd6bf7
No known key found for this signature in database
3 changed files with 11 additions and 6 deletions


@ -65,7 +65,7 @@ class LanAuthentication(SessionAuthentication):
is_session_authorized = super().authenticate(request) is_session_authorized = super().authenticate(request)
if is_session_authorized: if is_session_authorized:
return is_session_authorized return is_session_authorized
is_authorized = self.has_permission(request) is_authorized = has_permission(request)
if is_authorized: if is_authorized:
user = getattr(request._request, "user", None) user = getattr(request._request, "user", None)
return (user, "authorized") return (user, "authorized")
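Review bot: The LAN fallback returns `(user, "authorized")` without the `self.enforce_csrf(request)` call that DRF's `SessionAuthentication.authenticate` makes on the session path, so a request accepted purely on network location is never CSRF-checked. A browser inside the LAN can be led to send cross-site requests that arrive from a LAN address; if any view behind this class accepts unsafe methods, consider calling `self.enforce_csrf(request)` before the return, or limiting this branch with `if request.method in ("GET", "HEAD", "OPTIONS"):`. `user` may be `None` or anonymous at this point, which a comment such as `# LAN clients are accepted without a logged-in user; request.user may be anonymous` would make explicit. `has_permission` and the start of `authenticate` lie outside the hunk, so how the client address is derived (socket peer versus a forwarded header) could not be checked here.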


@ -1,12 +1,16 @@
from django.core.exceptions import PermissionDenied
from storage.authentication import has_permission from storage.authentication import has_permission
from django.http import HttpResponseRedirect
def is_authorized_or_in_lan_middleware(get_response): def is_authorized_or_in_lan_middleware(get_response):
# One-time configuration and initialization. # One-time configuration and initialization.
login_paths_to_ignore = [ login_paths_to_ignore = [
'/admin/login/' "/admin/login",
'/complete/' "/static",
"/admin/static",
"/complete",
"/favicon.ico",
"/api",
] ]
def middleware(request): def middleware(request):
@ -20,6 +24,6 @@ def is_authorized_or_in_lan_middleware(get_response):
if request.path.startswith(login_path): if request.path.startswith(login_path):
return get_response(request) return get_response(request)
else: else:
raise PermissionDenied() return HttpResponseRedirect("/admin/login")
return middleware return middleware
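Review bot: The new `"/api"` entry in `login_paths_to_ignore` exempts every path under the API from this middleware, so access control for those routes rests entirely on the DRF authentication and permission classes of each view, which are not visible in this commit; a comment saying so next to the entry (`# /api is gated by DRF auth classes, not by this middleware`) would keep a later view from being added without them. Because the check is `request.path.startswith(login_path)` and the entries no longer end in a slash, the match is a raw string prefix rather than a path segment, so `"/api"` or `"/admin/login"` also match longer names that merely start with those characters. Matching on a segment boundary avoids that: `if request.path == login_path or request.path.startswith(login_path + "/"):`. The part of `middleware` between the two hunks is not shown, so the order of the permission check and this allow-list could not be confirmed.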


@ -136,6 +136,7 @@ class ItemImage(models.Model):
return "{}".format(self.image.name) return "{}".format(self.image.name)
# Deprecated, left in db due to legacy reasons
class Label(models.Model): class Label(models.Model):
id = models.CharField(max_length=64, primary_key=True) id = models.CharField(max_length=64, primary_key=True)
item = models.ForeignKey(Item, related_name="labels", on_delete=models.CASCADE) item = models.ForeignKey(Item, related_name="labels", on_delete=models.CASCADE)