# -*- coding: utf-8 -*-# vim: tabstop=4 shiftwidth=4 softtabstop=4## Copyright (C) 2015-2023 GEM Foundation## OpenQuake is free software: you can redistribute it and/or modify it# under the terms of the GNU Affero General Public License as published# by the Free Software Foundation, either version 3 of the License, or# (at your option) any later version.## OpenQuake is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the# GNU Affero General Public License for more details.## You should have received a copy of the GNU Affero General Public License# along with OpenQuake. If not, see <http://www.gnu.org/licenses/>.importrefromdjango.confimportsettingsfromdjango.httpimportHttpResponseRedirect,HttpResponseForbiddenEXEMPT_URLS=[re.compile(settings.LOGIN_URL.lstrip('/'))]ifhasattr(settings,'LOGIN_EXEMPT_URLS'):EXEMPT_URLS+=[re.compile(expr.lstrip('/'))forexprinsettings.LOGIN_EXEMPT_URLS]
[docs]classLoginRequiredMiddleware:""" Middleware that requires a user to be authenticated to view any page other than LOGIN_URL. Exemptions to this requirement can be specified in settings via a list of regular expressions in LOGIN_EXEMPT_URLS. Requires authentication middleware and template context processors to be loaded. You'll get an error if they aren't. """def__init__(self,get_response):self.get_response=get_responsedef__call__(self,request):asserthasattr(request,'user'),"The Login Required middleware\ requires authentication middleware to be installed. Edit your\ MIDDLEWARE_CLASSES setting to insert\ 'django.contrib.auth.middlware.AuthenticationMiddleware'. If that doesn't\ work, ensure your TEMPLATE_CONTEXT_PROCESSORS setting includes\ 'django.core.context_processors.auth'."ifnotrequest.user.is_authenticated:path=request.path_info.lstrip('/')ifnotany(m.match(path)forminEXEMPT_URLS):# The programmatic API (under '/v1/') should not return a# redirect to the login page, but it should return an HTTP 403# response code, so the API consumer (like QGIS) can manage# the error properlyifpath.startswith('v1/'):returnHttpResponseForbidden()else:returnHttpResponseRedirect(settings.LOGIN_URL)returnself.get_response(request)