Login

Login Required Middleware

Author:
onecreativenerd
Posted:
November 10, 2008
Language:
Python
Version:
1.0
Tags:
middleware authentication
Score:
1 (after 1 ratings)

Sometimes it's a real pain to use the @login_required decorator all over the views of a complicated site. This middleware requires login on every page by default and supports a list of regular expression to figure out the exceptions. This way you don't have to worry about forgetting to decorate a view.

This snippet requires LOGIN_URL to be set in settings.py, and optionally allows you fill out LOGIN_EXEMPT_URLS, a tuple of regular expressions (similar to urls.py) that lists your exceptions.

Example:

`` LOGIN_EXEMPT_URLS = (

 r'^about\.html$',

 r'^legal/', # allow the entire /legal/* subsection

) ``

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
from django.http import HttpResponseRedirect
from django.conf import settings
from re import compile

EXEMPT_URLS = [compile(settings.LOGIN_URL.lstrip('/'))]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
    EXEMPT_URLS += [compile(expr) for expr in settings.LOGIN_EXEMPT_URLS]

class LoginRequiredMiddleware:
    """
    Middleware that requires a user to be authenticated to view any page other
    than LOGIN_URL. Exemptions to this requirement can optionally be specified
    in settings via a list of regular expressions in LOGIN_EXEMPT_URLS (which
    you can copy from your urls.py).

    Requires authentication middleware and template context processors to be
    loaded. You'll get an error if they aren't.
    """
    def process_request(self, request):
        assert hasattr(request, 'user'), "The Login Required middleware\
 requires authentication middleware to be installed. Edit your\
 MIDDLEWARE_CLASSES setting to insert\
 'django.contrib.auth.middlware.AuthenticationMiddleware'. If that doesn't\
 work, ensure your TEMPLATE_CONTEXT_PROCESSORS setting includes\
 'django.core.context_processors.auth'."
        if not request.user.is_authenticated():
            path = request.path_info.lstrip('/')
            if not any(m.match(path) for m in EXEMPT_URLS):
                return HttpResponseRedirect(settings.LOGIN_URL)

More like this

  1. Login Required Middleware with Next Parameter by bernardoporto 2 years, 6 months ago
  2. Decorate class-based views with regular decorators by jeffheard 4 months, 3 weeks ago
  3. Require login by url by zbyte64 6 years, 9 months ago
  4. Enforce site wide login by chbrown 6 years, 6 months ago
  5. Url filter middleware by limodou 8 years, 2 months ago

Comments

xiaket (on November 18, 2009):

Well, this would conflict with Django's default test framework, when you are running tests, you might have to disable this middleware.

#

nyambayar (on August 6, 2010):

great, thanks for posting.

#

Please login first before commenting.