Middleware řešící sessioh mezi http a https se už fakt dlouho nepoužívá a navíc je toto téma dnes dávno pasé

3 months ago · e21a93f9e7
2 changed files with 0 additions and 57 deletions
--- a/mamweb/middleware.py
+++ b/mamweb/middleware.py
@ -1,54 +0,0 @@
 from datetime import datetime, date
 from django.conf import settings
 from django.http import HttpResponse, HttpResponseRedirect
 class LoggedInHintCookieMiddleware(object):
 	"""Middleware to securely help with 'logged-in' detection for dual HTTP/HTTPS sites.
 	On insecure requests: Checks for a (non-secure) cookie settings.LOGGED_IN_HINT_COOKIE_NAME
 	and if present, redirects to HTTPS (same adress).
 	Note this usually breaks non-GET (POST) requests.
 	On secure requests: Updates cookie settings.LOGGED_IN_HINT_COOKIE_NAME to reflect
 	whether an user is logged in in the current session (cookie set to 'True' or cleared).
 	The cookie is set to expire at the same time as the sessionid cookie.
 	By default, LOGGED_IN_HINT_COOKIE_NAME = 'logged_in_hint'.
 	"""
 	def __init__(self):
 		if hasattr(settings, 'LOGGED_IN_HINT_COOKIE_NAME'):
 			self.cookie_name = settings.LOGGED_IN_HINT_COOKIE_NAME
 		else: self.cookie_name = 'logged_in_hint'
 		self.cookie_value = 'True'
 	def cookie_correct(self, request):
 		return self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == self.cookie_value
 	def process_request(self, request):
 		if not request.is_secure():
 			if self.cookie_correct(request):
 				# redirect insecure (assuming http) requests with hint cookie to https
 				url = request.build_absolute_uri()
 				assert url[:5] == 'http:'
 				return HttpResponseRedirect('https:' + url[5:])
 		return None
 	def process_response(self, request, response):
 		if request.is_secure():
 			# assuming full session info (as the conn. is secure)
 			try:
 				user = request.user
 			except AttributeError: # no user - ajax or other special request
 				return response
 			if user.is_authenticated():
 				if not self.cookie_correct(request):
 					expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date()
 					response.set_cookie(self.cookie_name, value=self.cookie_value, expires=expiry, secure=False)
 			else:
 				if self.cookie_name in request.COOKIES:
 					response.delete_cookie(self.cookie_name)
 		return response
--- a/mamweb/settings_common.py
+++ b/mamweb/settings_common.py
@ -68,9 +68,6 @@ MIDDLEWARE = (
 	'django.contrib.sessions.middleware.SessionMiddleware',
 	'django.middleware.common.CommonMiddleware',
 	'django.middleware.csrf.CsrfViewMiddleware',
 #	FIXME: rozbilo se při přechodu na Django 2.0, nevím, jestli 
 #	se to dá zahodit bez náhrady
 #    'mamweb.middleware.LoggedInHintCookieMiddleware',
 	'django.contrib.auth.middleware.AuthenticationMiddleware',
 	'django.contrib.messages.middleware.MessageMiddleware',
 	'django.middleware.clickjacking.XFrameOptionsMiddleware',