From c2613af9a69629726e00cce32f72ce9d04944639 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jon=C3=A1=C5=A1=20Havelka?=
Date: Thu, 10 Aug 2023 22:43:42 +0200
Subject: [PATCH] =?UTF-8?q?Dote=C4=8F=20nevadilo,=20=C5=BEe=20to=20tu=20ne?= =?UTF-8?q?n=C3=AD,=20tak=20ma=C5=BEu?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 mamweb/middleware.py | 54 ---------------------------------------
 mamweb/settings_common.py | 3 ---
 2 files changed, 57 deletions(-)
 delete mode 100644 mamweb/middleware.py
diff --git a/mamweb/middleware.py b/mamweb/middleware.py
deleted file mode 100644
index 208c6cbd..00000000
--- a/mamweb/middleware.py
+++ /dev/null
@@ -1,54 +0,0 @@
-from datetime import datetime, date
-
-from django.conf import settings
-from django.http import HttpResponse, HttpResponseRedirect
-
-
-
-class LoggedInHintCookieMiddleware(object):
- """Middleware to securely help with 'logged-in' detection for dual HTTP/HTTPS sites.
-
- On insecure requests: Checks for a (non-secure) cookie settings.LOGGED_IN_HINT_COOKIE_NAME
- and if present, redirects to HTTPS (same adress).
- Note this usually breaks non-GET (POST) requests.
-
- On secure requests: Updates cookie settings.LOGGED_IN_HINT_COOKIE_NAME to reflect
- whether an user is logged in in the current session (cookie set to 'True' or cleared).
- The cookie is set to expire at the same time as the sessionid cookie.
-
- By default, LOGGED_IN_HINT_COOKIE_NAME = 'logged_in_hint'.
- """
-
- def __init__(self):
- if hasattr(settings, 'LOGGED_IN_HINT_COOKIE_NAME'):
- self.cookie_name = settings.LOGGED_IN_HINT_COOKIE_NAME
- else: self.cookie_name = 'logged_in_hint'
- self.cookie_value = 'True'
-
- def cookie_correct(self, request):
- return self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == self.cookie_value
-
- def process_request(self, request):
- if not request.is_secure():
- if self.cookie_correct(request):
- # redirect insecure (assuming http) requests with hint cookie to https
- url = request.build_absolute_uri()
- assert url[:5] == 'http:'
- return HttpResponseRedirect('https:' + url[5:])
- return None
-
- def process_response(self, request, response):
- if request.is_secure():
- # assuming full session info (as the conn. is secure)
- try:
- user = request.user
- except AttributeError: # no user - ajax or other special request
- return response
- if user.is_authenticated():
- if not self.cookie_correct(request):
- expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date()
- response.set_cookie(self.cookie_name, value=self.cookie_value, expires=expiry, secure=False)
- else:
- if self.cookie_name in request.COOKIES:
- response.delete_cookie(self.cookie_name)
- return response
diff --git a/mamweb/settings_common.py b/mamweb/settings_common.py
index 51d5351f..13cf1098 100644
--- a/mamweb/settings_common.py
+++ b/mamweb/settings_common.py
@@ -66,9 +66,6 @@ MIDDLEWARE = (
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
-# FIXME: rozbilo se při přechodu na Django 2.0, nevím, jestli
-# se to dá zahodit bez náhrady
-# 'mamweb.middleware.LoggedInHintCookieMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',