Replace login_required decorator with a validating one

This one will validate that the url is under /accounts/, which is
the only part we are going to be excluding from caching once we
move the website to https-only.

diff --git a/pgweb/account/views.py b/pgweb/account/views.py
index b5e4ffb731ef2acbf44a5c22452a37cc33c940f5..21ba7532ba16f27825390d94feda3d5b2aa8c601 100644 (file)
--- a/pgweb/account/views.py
+++ b/pgweb/account/views.py
@@ -2,7 +2,7 @@ from django.contrib.auth.models import User
 import django.contrib.auth.views as authviews
 from django.http import HttpResponseRedirect, Http404, HttpResponse
 from django.shortcuts import render_to_response, get_object_or_404
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 from django.utils.encoding import force_bytes
 from django.utils.http import urlsafe_base64_encode
 from django.contrib.auth.tokens import default_token_generator

diff --git a/pgweb/core/views.py b/pgweb/core/views.py
index 15bd71bbc120a3b12ba939358ce16fa9f10a567a..a36e9792fd5745ed1cdb7eda0ab01b8337bfbdd3 100644 (file)
--- a/pgweb/core/views.py
+++ b/pgweb/core/views.py
@@ -2,7 +2,8 @@ from django.shortcuts import render_to_response
 from django.http import HttpResponse, Http404, HttpResponseRedirect
 from django.http import HttpResponseNotModified
 from django.template import TemplateDoesNotExist, loader
-from django.contrib.auth.decorators import login_required, user_passes_test
+from django.contrib.auth.decorators import user_passes_test
+from pgweb.util.decorators import login_required
 from django.contrib import messages
 from django.views.decorators.csrf import csrf_exempt
 from django.db.models import Count

diff --git a/pgweb/docs/views.py b/pgweb/docs/views.py
index bd4dddf6eac6cd590a56979d2dfcda1e9f7a5403..cf8930bfc77e9589959c469f6106528cb35f1c7f 100644 (file)
--- a/pgweb/docs/views.py
+++ b/pgweb/docs/views.py
@@ -2,7 +2,7 @@ from django.shortcuts import render_to_response, get_object_or_404
 from django.http import HttpResponseRedirect, HttpResponsePermanentRedirect
 from django.http import Http404
 from django.template.context import RequestContext
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 from django.db.models import Q
 from django.conf import settings
 

diff --git a/pgweb/downloads/views.py b/pgweb/downloads/views.py
index e5c21fd71aaedacff17080f19450986f7bc9afde..d1ac61b5d0faf5acd4df3d2122d8e9587f2a944f 100644 (file)
--- a/pgweb/downloads/views.py
+++ b/pgweb/downloads/views.py
@@ -1,6 +1,6 @@
 from django.shortcuts import render_to_response, get_object_or_404
 from django.http import HttpResponse, Http404, HttpResponseRedirect
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 from django.views.decorators.csrf import csrf_exempt
 from django.db import transaction
 from django.conf import settings

diff --git a/pgweb/events/views.py b/pgweb/events/views.py
index 5af2b5e430ff1c84aa728f2fdee3fdbe8eab4777..bff7d10d7a16354c1b899ab1acd408ff862084b6 100644 (file)
--- a/pgweb/events/views.py
+++ b/pgweb/events/views.py
@@ -1,6 +1,6 @@
 from django.shortcuts import render_to_response, get_object_or_404
 from django.http import Http404
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 
 from datetime import date
 

diff --git a/pgweb/misc/views.py b/pgweb/misc/views.py
index 33acf65f92c3392ae9e02d8199fccc9f249e8325..7915f4a7a4dbe42deda4f018f9e02d63e3b5af8c 100644 (file)
--- a/pgweb/misc/views.py
+++ b/pgweb/misc/views.py
@@ -1,5 +1,5 @@
 from django.shortcuts import render_to_response
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 from django.http import HttpResponse
 from django.db import connection
 from django.conf import settings

diff --git a/pgweb/news/views.py b/pgweb/news/views.py
index 6c87e97c8837af2e416e65ff00de6e0a24c5096d..0e9c18899ccaeceabe8d166e7ab198f77f9a432d 100644 (file)
--- a/pgweb/news/views.py
+++ b/pgweb/news/views.py
@@ -1,6 +1,6 @@
 from django.shortcuts import render_to_response, get_object_or_404
 from django.http import Http404
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 
 from pgweb.util.contexts import NavContext
 from pgweb.util.helpers import simple_form

diff --git a/pgweb/profserv/views.py b/pgweb/profserv/views.py
index 3a8f8ddc0b79532aec13e03ebea81fd1e2635b69..18ae4083c1d4db6548aea12581b5b0a28eae8c57 100644 (file)
--- a/pgweb/profserv/views.py
+++ b/pgweb/profserv/views.py
@@ -1,6 +1,6 @@
 from django.shortcuts import render_to_response
 from django.http import Http404
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 
 from pgweb.util.contexts import NavContext
 from pgweb.util.helpers import simple_form

diff --git a/pgweb/util/decorators.py b/pgweb/util/decorators.py
index abfbc70cd5ef39cbf4efe465f3e23e0426d00d5d..d30625779b46291fb49a278eb6900de1e796191a 100644 (file)
--- a/pgweb/util/decorators.py
+++ b/pgweb/util/decorators.py
@@ -1,5 +1,6 @@
 import datetime
 from functools import wraps
+from django.contrib.auth.decorators import login_required as django_login_required
 
 def nocache(fn):
        def _nocache(request, *_args, **_kwargs):
@@ -18,3 +19,16 @@ def cache(days=0, hours=0, minutes=0, seconds=0):
                        return resp
                return __cache
        return _cache
+
+from django.utils.decorators import available_attrs
+
+# A wrapped version of login_required that throws an exception if it's
+# used on a path that's not under /account/.
+def login_required(f):
+       @wraps(f)
+       def wrapper(*args, **kwargs):
+               request = args[0]
+               if not request.path.startswith('/account/'):
+                       raise Exception("Login required in bad path, aborting with exception.")
+               return django_login_required(f)(*args, **kwargs)
+       return wrapper