-
Notifications
You must be signed in to change notification settings - Fork 56
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add middleware for requiring authentication (#760)
- Loading branch information
Showing
6 changed files
with
54 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
from django.shortcuts import redirect | ||
from django.urls.base import reverse | ||
|
||
|
||
def AuthRequiredMiddleware(get_response): | ||
def middleware(request): | ||
login_path = reverse("login") | ||
email_recovery_path = reverse("recover_email") | ||
password_recovery_path = reverse("password_reset") | ||
home_path = reverse("landing_page") | ||
lang_path = reverse("set_language") | ||
privacy_statement = reverse("privacy_statement") | ||
|
||
if not request.user.is_authenticated: | ||
if ( | ||
not request.path.startswith("/account/reset/") | ||
# There won't be a request.user if auth tokens are used, but | ||
# Django REST framework will make sure that there is an | ||
# authenticated user with out DEFAULT_PERMISSION_CLASSES setting | ||
and not request.path.startswith("/api/") | ||
and request.path | ||
not in ( | ||
"/", | ||
home_path, | ||
login_path, | ||
lang_path, | ||
email_recovery_path, | ||
password_recovery_path, | ||
privacy_statement, | ||
) | ||
): | ||
return redirect(login_path) | ||
|
||
return get_response(request) | ||
|
||
return middleware |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,7 @@ | |
from django.contrib.auth.middleware import AuthenticationMiddleware | ||
from django.contrib.sessions.middleware import SessionMiddleware | ||
from django.test import Client | ||
from pytest_django.asserts import assertContains, assertNotContains | ||
from pytest_django.asserts import assertContains | ||
|
||
|
||
def test_login_view(rf, clientuser): | ||
|
@@ -23,46 +23,46 @@ def test_login(superuser): | |
client = Client() | ||
|
||
response = client.post( | ||
"/account/login/", | ||
{"auth-username": "[email protected]", "auth-password": "TestTest123!!", "login_view-current_step": "auth"}, | ||
"/login/", | ||
{ | ||
"auth-username": "[email protected]", | ||
"auth-password": "TestTest123!!", | ||
"login_rocky_view-current_step": "auth", | ||
}, | ||
) | ||
|
||
assert response.status_code == 200 | ||
assertNotContains(response, "Explanation:") | ||
assertContains(response, "Login") | ||
assertContains(response, "Error") | ||
assertContains(response, "Please enter a correct email and password.") | ||
assertContains(response, "Please enter a correct email address and password.") | ||
|
||
response = client.post( | ||
"/account/login/", | ||
{"auth-username": "[email protected]", "auth-password": "Test!!", "login_view-current_step": "auth"}, | ||
"/login/", | ||
{"auth-username": "[email protected]", "auth-password": "Test!!", "login_rocky_view-current_step": "auth"}, | ||
) | ||
|
||
assert response.status_code == 200 | ||
assertNotContains(response, "Explanation:") | ||
assertContains(response, "Login") | ||
assertContains(response, "Error") | ||
assertContains(response, "Please enter a correct email and password.") | ||
assertContains(response, "Please enter a correct email address and password.") | ||
|
||
response = client.post( | ||
"/account/login/", | ||
"/login/", | ||
{ | ||
"auth-username": superuser.email, | ||
"auth-password": "SuperSuper123!!", | ||
"login_view-current_step": "auth", | ||
"login_rocky_view-current_step": "auth", | ||
}, | ||
) | ||
|
||
assert response.status_code == 200 | ||
|
||
assertContains(response, "Explanation:") | ||
assertContains(response, "Login") | ||
assertContains(response, "Please enter the token generated by your token generator.") | ||
assertContains(response, "Submit") | ||
|
||
response = client.post( | ||
"/account/login/", | ||
{"token-otp_token": "123456", "login_view-current_step": "token"}, | ||
"/login/", | ||
{"token-otp_token": "123456", "login_rocky_view-current_step": "token"}, | ||
) | ||
|
||
assert response.status_code == 200 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters