auth: require necessary authentication or in lan

middleware was not written properly, now requires authentication or
being in lan for readaccess, otherwise redirecting to login page
This commit is contained in:
Dariusz Niemczyk 2023-09-09 15:43:23 +02:00
parent 3c3ba16811
commit f8b3dd6bf7
No known key found for this signature in database
3 changed files with 11 additions and 6 deletions

View File

@ -65,7 +65,7 @@ class LanAuthentication(SessionAuthentication):
is_session_authorized = super().authenticate(request)
if is_session_authorized:
return is_session_authorized
is_authorized = self.has_permission(request)
is_authorized = has_permission(request)
if is_authorized:
user = getattr(request._request, "user", None)
return (user, "authorized")

View File

@ -1,12 +1,16 @@
from django.core.exceptions import PermissionDenied
from storage.authentication import has_permission
from django.http import HttpResponseRedirect
def is_authorized_or_in_lan_middleware(get_response):
# One-time configuration and initialization.
login_paths_to_ignore = [
'/admin/login/'
'/complete/'
"/admin/login",
"/static",
"/admin/static",
"/complete",
"/favicon.ico",
"/api",
]
def middleware(request):
@ -17,9 +21,9 @@ def is_authorized_or_in_lan_middleware(get_response):
return get_response(request)
else:
for login_path in login_paths_to_ignore:
if request.path.startswith(login_path):
if request.path.startswith(login_path):
return get_response(request)
else:
raise PermissionDenied()
return HttpResponseRedirect("/admin/login")
return middleware

View File

@ -136,6 +136,7 @@ class ItemImage(models.Model):
return "{}".format(self.image.name)
# Deprecated, left in db due to legacy reasons
class Label(models.Model):
id = models.CharField(max_length=64, primary_key=True)
item = models.ForeignKey(Item, related_name="labels", on_delete=models.CASCADE)