Middleware řešící sessioh mezi http a https se už fakt dlouho nepoužívá a navíc je toto téma dnes dávno pasé

4 months ago · e21a93f9e7
2 changed files with 0 additions and 57 deletions
--- a/mamweb/middleware.py
+++ b/mamweb/middleware.py
@ -1,54 +0,0 @@
-from datetime import datetime, date
-
-from django.conf import settings
-from django.http import HttpResponse, HttpResponseRedirect
-
-
-
-class LoggedInHintCookieMiddleware(object):
-	"""Middleware to securely help with 'logged-in' detection for dual HTTP/HTTPS sites.
-	
-	On insecure requests: Checks for a (non-secure) cookie settings.LOGGED_IN_HINT_COOKIE_NAME
-	and if present, redirects to HTTPS (same adress).
-	Note this usually breaks non-GET (POST) requests.
-
-	On secure requests: Updates cookie settings.LOGGED_IN_HINT_COOKIE_NAME to reflect
-	whether an user is logged in in the current session (cookie set to 'True' or cleared).
-	The cookie is set to expire at the same time as the sessionid cookie.
-
-	By default, LOGGED_IN_HINT_COOKIE_NAME = 'logged_in_hint'.
-	"""
-
-	def __init__(self):
-		if hasattr(settings, 'LOGGED_IN_HINT_COOKIE_NAME'):
-			self.cookie_name = settings.LOGGED_IN_HINT_COOKIE_NAME
-		else: self.cookie_name = 'logged_in_hint'
-		self.cookie_value = 'True'
-
-	def cookie_correct(self, request):
-		return self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == self.cookie_value
-
-	def process_request(self, request):
-		if not request.is_secure():
-			if self.cookie_correct(request):
-				# redirect insecure (assuming http) requests with hint cookie to https
-				url = request.build_absolute_uri()
-				assert url[:5] == 'http:'
-				return HttpResponseRedirect('https:' + url[5:])
-		return None
-
-	def process_response(self, request, response):
-		if request.is_secure():
-			# assuming full session info (as the conn. is secure)
-			try:
-				user = request.user
-			except AttributeError: # no user - ajax or other special request
-				return response
-			if user.is_authenticated():
-				if not self.cookie_correct(request):
-					expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date()
-					response.set_cookie(self.cookie_name, value=self.cookie_value, expires=expiry, secure=False)
-			else:
-				if self.cookie_name in request.COOKIES:
-					response.delete_cookie(self.cookie_name)
-		return response
--- a/mamweb/settings_common.py
+++ b/mamweb/settings_common.py
@ -68,9 +68,6 @@ MIDDLEWARE = (
 	'django.contrib.sessions.middleware.SessionMiddleware',
 	'django.middleware.common.CommonMiddleware',
 	'django.middleware.csrf.CsrfViewMiddleware',
-#	FIXME: rozbilo se při přechodu na Django 2.0, nevím, jestli 
-#	se to dá zahodit bez náhrady
-#    'mamweb.middleware.LoggedInHintCookieMiddleware',
 	'django.contrib.auth.middleware.AuthenticationMiddleware',
 	'django.contrib.messages.middleware.MessageMiddleware',
 	'django.middleware.clickjacking.XFrameOptionsMiddleware',