From f8b3dd6bf7dbb7f23a4ceaff57c9ebd9a5890a76 Mon Sep 17 00:00:00 2001
From: Dariusz Niemczyk
Date: Sat, 9 Sep 2023 15:43:23 +0200
Subject: [PATCH] auth: require necessary authentication or in lan middleware was not written properly, now requires authentication or being in lan for readaccess, otherwise redirecting to login page
---
 storage/authentication.py | 2 +-
 storage/middleware.py | 14 +++++++++-----
 storage/models.py | 1 +
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/storage/authentication.py b/storage/authentication.py
index ec2c262..d61920c 100644
--- a/storage/authentication.py
+++ b/storage/authentication.py
@@ -65,7 +65,7 @@ class LanAuthentication(SessionAuthentication):
 is_session_authorized = super().authenticate(request)
 if is_session_authorized:
 return is_session_authorized
- is_authorized = self.has_permission(request)
+ is_authorized = has_permission(request)
 if is_authorized:
 user = getattr(request._request, "user", None)
 return (user, "authorized")
diff --git a/storage/middleware.py b/storage/middleware.py
index c805f9b..f95dfa8 100644
--- a/storage/middleware.py
+++ b/storage/middleware.py
@@ -1,12 +1,16 @@
-from django.core.exceptions import PermissionDenied
 from storage.authentication import has_permission
+from django.http import HttpResponseRedirect
 def is_authorized_or_in_lan_middleware(get_response):
 # One-time configuration and initialization.
 login_paths_to_ignore = [
- '/admin/login/'
- '/complete/'
+ "/admin/login",
+ "/static",
+ "/admin/static",
+ "/complete",
+ "/favicon.ico",
+ "/api",
 ]
 def middleware(request):
@@ -17,9 +21,9 @@ def is_authorized_or_in_lan_middleware(get_response):
 return get_response(request)
 else:
 for login_path in login_paths_to_ignore:
- if request.path.startswith(login_path):
+ if request.path.startswith(login_path):
 return get_response(request)
 else:
- raise PermissionDenied()
+ return HttpResponseRedirect("/admin/login")
 return middleware
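Review bot: In `LanAuthentication`, the LAN branch returns `(user, "authorized")` with whatever `getattr(request._request, "user", None)` yields, which after a failed session check is presumably an anonymous user or `None`. DRF treats any returned tuple as a successful authentication, so views reading `request.user` must cope with both, and this branch returns without the CSRF enforcement that `SessionAuthentication` applies on its own path; it is worth confirming that LAN-only callers are limited to read methods. A comment above the return such as `# LAN-only caller: no session, user may be AnonymousUser or None; read access only` would make the contract explicit. The method signature and the definition of `has_permission` are outside this hunk.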
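Review bot: The new entries in `login_paths_to_ignore` are matched by bare prefix, so `"/api"`, `"/static"` and `"/complete"` also exempt any sibling path that merely begins with those characters, and every route under `/api` now bypasses this middleware entirely. That leaves the API relying solely on each DRF view having `LanAuthentication` and a permission class configured, which is not visible from this hunk. Anchoring the entries on a path separator narrows the match, e.g. `"/api/"`, `"/static/"`, `"/complete/"`, with `"/favicon.ico"` compared by equality. A short comment above the list stating why each prefix is safe to skip would help the next reviewer.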
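Review bot: The allow-list loop depends on whether the trailing `else:` pairs with the `for` or with the inner `if`, and the indentation needed to tell is not recoverable from this page (the only change to the `if` line is whitespace). If it pairs with the `if`, only the first entry of `login_paths_to_ignore` is ever tested and every other exempt path falls through to the redirect. Replacing the loop with a single test removes the ambiguity: `if request.path.startswith(tuple(login_paths_to_ignore)): return get_response(request)` followed by the redirect. The redirect also discards the originally requested path; passing it as a `next` query parameter, restricted to same-site paths, would return the user there after login. The enclosing `middleware` function starts outside this hunk.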
diff --git a/storage/models.py b/storage/models.py
index af86ec6..31f7ce4 100644
--- a/storage/models.py
+++ b/storage/models.py
@@ -136,6 +136,7 @@ class ItemImage(models.Model):
 return "{}".format(self.image.name)
+# Deprecated, left in db due to legacy reasons
 class Label(models.Model):
 id = models.CharField(max_length=64, primary_key=True)
 item = models.ForeignKey(Item, related_name="labels", on_delete=models.CASCADE)