auth: fix auth paths

2023-09-09 15:43:23 +02:00 · 2023-09-09 15:43:23 +02:00 · f1335f0565
parent daea8dda22
commit f1335f0565
2 changed files with 12 additions and 11 deletions
--- a/spejstore/settings.py
+++ b/spejstore/settings.py
@ -63,9 +63,9 @@ MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "whitenoise.middleware.WhiteNoiseMiddleware",
    "django.middleware.cache.UpdateCacheMiddleware",
-    "storage.middleware.is_authorized_or_in_lan_middleware",
    "django.middleware.gzip.GZipMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
+    "storage.middleware.is_authorized_or_in_lan_middleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
--- a/storage/middleware.py
+++ b/storage/middleware.py
@ -4,21 +4,22 @@ from storage.authentication import has_permission

 def is_authorized_or_in_lan_middleware(get_response):
    # One-time configuration and initialization.
+    login_paths_to_ignore = [
+          '/admin/login/'
+          '/complete/'
+    ]

    def middleware(request):
-        # Code to be executed for each request before
-        # the view (and later middleware) are called.
-
-        response = get_response(request)
        if request.user.is_authenticated:
-            return response
+            return get_response(request)
        is_within_lan = has_permission(request)
        if is_within_lan:
-            return response
+            return get_response(request)
        else:
-            raise PermissionDenied()
-
-        # Code to be executed for each request/response after
-        # the view is called.
+            for login_path in login_paths_to_ignore:
+             if request.path.startswith(login_path):
+                    return get_response(request)
+            else:
+                raise PermissionDenied()

    return middleware