mirror of
https://github.com/postgres/pgweb.git
synced 2025-08-13 13:12:42 +00:00
Remove SSL decorators and middleware
The site is now served regardless of SSL, and assumes that the webserver or web cache ensures that things rae always SSL.
This commit is contained in:
Magnus Hagander
@ -26,7 +26,6 @@ with. Here's a quick step-by-step on how to do that:
|
||||
DEBUG=True
|
||||
TEMPLATE_DEBUG=DEBUG
|
||||
SITE_ROOT="http://localhost:8000"
|
||||
NO_HTTPS_REDIRECT=True
|
||||
SESSION_COOKIE_SECURE=False
|
||||
SESSION_COOKIE_DOMAIN=None
|
||||
DATABASE_NAME="pgweb"
|
||||
|
||||
@ -19,7 +19,6 @@ import time
|
||||
import json
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
from pgweb.util.decorators import ssl_required
|
||||
from pgweb.util.contexts import NavContext
|
||||
from pgweb.util.misc import send_template_mail, generate_random_token, get_client_ip
|
||||
from pgweb.util.helpers import HttpServerError
|
||||
@ -39,7 +38,6 @@ from forms import ChangeEmailForm
|
||||
import logging
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
def home(request):
|
||||
myarticles = NewsArticle.objects.filter(org__managers=request.user, approved=False)
|
||||
@ -79,7 +77,6 @@ objtypes = {
|
||||
},
|
||||
}
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
@transaction.atomic
|
||||
def profile(request):
|
||||
@ -123,7 +120,6 @@ def profile(request):
|
||||
'contribform': contribform,
|
||||
}, NavContext(request, "account"))
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
@transaction.atomic
|
||||
def change_email(request):
|
||||
@ -158,7 +154,6 @@ def change_email(request):
|
||||
'token': token,
|
||||
}, NavContext(request, "account"))
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
@transaction.atomic
|
||||
def confirm_change_email(request, tokenhash):
|
||||
@ -176,7 +171,6 @@ def confirm_change_email(request, tokenhash):
|
||||
'success': token and True or False,
|
||||
}, NavContext(request, "account"))
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
def listobjects(request, objtype):
|
||||
if not objtypes.has_key(objtype):
|
||||
@ -190,7 +184,6 @@ def listobjects(request, objtype):
|
||||
'suburl': objtype,
|
||||
}, NavContext(request, 'account'))
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
def orglist(request):
|
||||
orgs = Organisation.objects.filter(approved=True)
|
||||
@ -199,40 +192,33 @@ def orglist(request):
|
||||
'orgs': orgs,
|
||||
}, NavContext(request, 'account'))
|
||||
|
||||
@ssl_required
|
||||
def login(request):
|
||||
return authviews.login(request, template_name='account/login.html',
|
||||
authentication_form=PgwebAuthenticationForm)
|
||||
|
||||
@ssl_required
|
||||
def logout(request):
|
||||
return authviews.logout_then_login(request, login_url='/')
|
||||
|
||||
@ssl_required
|
||||
def changepwd(request):
|
||||
log.info("Initiating password change from {0}".format(get_client_ip(request)))
|
||||
return authviews.password_change(request,
|
||||
template_name='account/password_change.html',
|
||||
post_change_redirect='/account/changepwd/done/')
|
||||
|
||||
@ssl_required
|
||||
def resetpwd(request):
|
||||
log.info("Initiating password set from {0}".format(get_client_ip(request)))
|
||||
return authviews.password_reset(request, template_name='account/password_reset.html',
|
||||
email_template_name='account/password_reset_email.txt',
|
||||
post_reset_redirect='/account/reset/done/')
|
||||
|
||||
@ssl_required
|
||||
def change_done(request):
|
||||
log.info("Password change done from {0}".format(get_client_ip(request)))
|
||||
return authviews.password_change_done(request, template_name='account/password_change_done.html')
|
||||
|
||||
@ssl_required
|
||||
def reset_done(request):
|
||||
log.info("Password reset done from {0}".format(get_client_ip(request)))
|
||||
return authviews.password_reset_done(request, template_name='account/password_reset_done.html')
|
||||
|
||||
@ssl_required
|
||||
def reset_confirm(request, uidb64, token):
|
||||
log.info("Confirming password reset for uidb {0}, token {1} from {2}".format(uidb64, token, get_client_ip(request)))
|
||||
return authviews.password_reset_confirm(request,
|
||||
@ -241,12 +227,10 @@ def reset_confirm(request, uidb64, token):
|
||||
template_name='account/password_reset_confirm.html',
|
||||
post_reset_redirect='/account/reset/complete/')
|
||||
|
||||
@ssl_required
|
||||
def reset_complete(request):
|
||||
log.info("Password reset completed for user from {0}".format(get_client_ip(request)))
|
||||
return authviews.password_reset_complete(request, template_name='account/password_reset_complete.html')
|
||||
|
||||
@ssl_required
|
||||
def signup(request):
|
||||
if request.user.is_authenticated():
|
||||
return HttpServerError("You must log out before you can sign up for a new account")
|
||||
@ -298,7 +282,6 @@ content is available for reading without an account.
|
||||
}, NavContext(request, 'account'))
|
||||
|
||||
|
||||
@ssl_required
|
||||
def signup_complete(request):
|
||||
return render_to_response('account/signup_complete.html', {
|
||||
}, NavContext(request, 'account'))
|
||||
@ -309,7 +292,6 @@ def signup_complete(request):
|
||||
## Community authentication endpoint
|
||||
####
|
||||
|
||||
@ssl_required
|
||||
def communityauth(request, siteid):
|
||||
# Get whatever site the user is trying to log in to.
|
||||
site = get_object_or_404(CommunityAuthSite, pk=siteid)
|
||||
@ -397,7 +379,6 @@ def communityauth(request, siteid):
|
||||
))
|
||||
|
||||
|
||||
@ssl_required
|
||||
def communityauth_logout(request, siteid):
|
||||
# Get whatever site the user is trying to log in to.
|
||||
site = get_object_or_404(CommunityAuthSite, pk=siteid)
|
||||
@ -408,7 +389,6 @@ def communityauth_logout(request, siteid):
|
||||
# Redirect user back to the specified suburl
|
||||
return HttpResponseRedirect("%s?s=logout" % site.redirecturl)
|
||||
|
||||
@ssl_required
|
||||
def communityauth_search(request, siteid):
|
||||
# Perform a search for users. The response will be encrypted with the site
|
||||
# key to prevent abuse, therefor we need the site.
|
||||
|
||||
@ -15,7 +15,7 @@ import os
|
||||
import re
|
||||
import urllib
|
||||
|
||||
from pgweb.util.decorators import ssl_required, cache, nocache
|
||||
from pgweb.util.decorators import cache, nocache
|
||||
from pgweb.util.contexts import NavContext
|
||||
from pgweb.util.helpers import simple_form, PgXmlHelper, HttpServerError
|
||||
from pgweb.util.moderation import get_all_pending_moderations
|
||||
@ -111,7 +111,6 @@ def fallback(request, url):
|
||||
return HttpResponse(t.render(NavContext(request, navsect)))
|
||||
|
||||
# Edit-forms for core objects
|
||||
@ssl_required
|
||||
@login_required
|
||||
def organisationform(request, itemid):
|
||||
return simple_form(Organisation, itemid, request, OrganisationForm,
|
||||
@ -160,8 +159,7 @@ def sitemap(request):
|
||||
|
||||
# dynamic CSS serving, meaning we merge a number of different CSS into a
|
||||
# single one, making sure it turns into a single http response. We do this
|
||||
# dynamically, since the output will be cached (for all non-SSL users, which
|
||||
# is the vast majority) anyway.
|
||||
# dynamically, since the output will be cached.
|
||||
_dynamic_cssmap = {
|
||||
'base': ['media/css/global.css',
|
||||
'media/css/layout.css',
|
||||
@ -231,7 +229,6 @@ def system_information(request):
|
||||
'client_ip': get_client_ip(request),
|
||||
})
|
||||
|
||||
@ssl_required
|
||||
def system_information_ssl(request):
|
||||
return render_to_response('core/system_information.html', {
|
||||
'server': os.uname()[1],
|
||||
@ -278,7 +275,6 @@ def admin_purge(request):
|
||||
'latest_purges': latest,
|
||||
}, RequestContext(request))
|
||||
|
||||
@ssl_required
|
||||
@csrf_exempt
|
||||
def api_varnish_purge(request):
|
||||
if not request.META['REMOTE_ADDR'] in settings.VARNISH_PURGERS:
|
||||
|
||||
@ -9,7 +9,6 @@ from django.conf import settings
|
||||
from decimal import Decimal
|
||||
import os
|
||||
|
||||
from pgweb.util.decorators import ssl_required
|
||||
from pgweb.util.contexts import NavContext
|
||||
from pgweb.util.helpers import template_to_string
|
||||
from pgweb.util.misc import send_template_mail
|
||||
@ -119,7 +118,6 @@ def manualarchive(request):
|
||||
'versions': [_VersionPdfWrapper(v) for v in versions],
|
||||
}, NavContext(request, 'docs'))
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
def commentform(request, itemid, version, filename):
|
||||
if request.method == 'POST':
|
||||
|
||||
@ -9,7 +9,7 @@ import os
|
||||
import urlparse
|
||||
import cPickle as pickle
|
||||
|
||||
from pgweb.util.decorators import ssl_required, nocache
|
||||
from pgweb.util.decorators import nocache
|
||||
from pgweb.util.contexts import NavContext
|
||||
from pgweb.util.helpers import simple_form, PgXmlHelper, HttpServerError
|
||||
from pgweb.util.misc import get_client_ip, varnish_purge, version_sort
|
||||
@ -94,7 +94,6 @@ def ftpbrowser(request, subpath):
|
||||
# server(s) can post it.
|
||||
# There is no concurrency check - the ftp site better not send more than one
|
||||
# file in parallel.
|
||||
@ssl_required
|
||||
@csrf_exempt
|
||||
def uploadftp(request):
|
||||
if request.method != 'PUT':
|
||||
@ -152,7 +151,6 @@ def productlist(request, catid, junk=None):
|
||||
'productcount': len(products),
|
||||
}, NavContext(request, 'download'))
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
def productform(request, itemid):
|
||||
return simple_form(Product, itemid, request, ProductForm,
|
||||
|
||||
@ -4,7 +4,6 @@ from django.contrib.auth.decorators import login_required
|
||||
|
||||
from datetime import date
|
||||
|
||||
from pgweb.util.decorators import ssl_required
|
||||
from pgweb.util.contexts import NavContext
|
||||
from pgweb.util.helpers import simple_form
|
||||
|
||||
@ -47,7 +46,6 @@ def item(request, itemid, throwaway=None):
|
||||
'obj': event,
|
||||
}, NavContext(request, 'about'))
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
def form(request, itemid):
|
||||
return simple_form(Event, itemid, request, EventForm,
|
||||
|
||||
@ -9,13 +9,11 @@ import os
|
||||
from pgweb.util.contexts import NavContext
|
||||
from pgweb.util.helpers import template_to_string
|
||||
from pgweb.util.misc import send_template_mail
|
||||
from pgweb.util.decorators import ssl_required
|
||||
|
||||
from pgweb.core.models import Version
|
||||
|
||||
from forms import SubmitBugForm
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
def submitbug(request):
|
||||
if request.method == 'POST':
|
||||
|
||||
@ -2,7 +2,6 @@ from django.shortcuts import render_to_response, get_object_or_404
|
||||
from django.http import Http404
|
||||
from django.contrib.auth.decorators import login_required
|
||||
|
||||
from pgweb.util.decorators import ssl_required
|
||||
from pgweb.util.contexts import NavContext
|
||||
from pgweb.util.helpers import simple_form
|
||||
|
||||
@ -23,7 +22,6 @@ def item(request, itemid, throwaway=None):
|
||||
'obj': news,
|
||||
}, NavContext(request, 'about'))
|
||||
|
||||
@ssl_required
|
||||
@login_required
|
||||
def form(request, itemid):
|
||||
return simple_form(NewsArticle, itemid, request, NewsArticleForm,
|
||||
|
||||
@ -2,7 +2,6 @@ from django.shortcuts import render_to_response
|
||||
from django.http import Http404
|
||||
from django.contrib.auth.decorators import login_required
|
||||
|
||||
from pgweb.util.decorators import ssl_required
|
||||
from pgweb.util.contexts import NavContext
|
||||
from pgweb.util.helpers import simple_form
|
||||
|
||||
@ -56,7 +55,6 @@ def region(request, servtype, regionname):
|
||||
|
||||
|
||||
# Forms to edit
|
||||
@ssl_required
|
||||
@login_required
|
||||
def profservform(request, itemid):
|
||||
return simple_form(ProfessionalService, itemid, request, ProfessionalServiceForm,
|
||||
|
||||
@ -157,8 +157,6 @@ NOTIFICATION_FROM="someone@example.com" # Address to send notific
|
||||
LISTSERVER_EMAIL="someone@example.com" # Address to majordomo
|
||||
BUGREPORT_EMAIL="someone@example.com" # Address to pgsql-bugs list
|
||||
DOCSREPORT_EMAIL="someone@example.com" # Address to pgsql-docs list
|
||||
NO_HTTPS_REDIRECT=False # Set to true to disable redirects to https when
|
||||
# developing locally
|
||||
FRONTEND_SERVERS=() # A tuple containing the *IP addresses* of all the
|
||||
# varnish frontend servers in use.
|
||||
FTP_MASTERS=() # A tuple containing the *IP addresses* of all machines
|
||||
|
||||
@ -17,29 +17,6 @@ def get_current_user():
|
||||
# project.
|
||||
class PgMiddleware(object):
|
||||
def process_view(self, request, view_func, view_args, view_kwargs):
|
||||
# We implement the SSL verification in a middleware and not just a decorator, because
|
||||
# if we do it just in a decorator we'd have to add a decorator for each and every
|
||||
# view that *doesn't* require SSL. This is much easier, of course.
|
||||
|
||||
if hasattr(settings,'NO_HTTPS_REDIRECT') and settings.NO_HTTPS_REDIRECT:
|
||||
return None
|
||||
|
||||
# Always redirect the admin interface to https
|
||||
if request.path.startswith('/admin'):
|
||||
if not request.is_secure():
|
||||
return HttpResponseRedirect(request.build_absolute_uri().replace('http://','https://',1))
|
||||
return None
|
||||
|
||||
if getattr(view_func, 'ssl_required', False):
|
||||
# This view requires SSL, so check if we have it
|
||||
if not request.is_secure():
|
||||
# May need to deal with ports specified here?
|
||||
return HttpResponseRedirect(request.build_absolute_uri().replace('http://','https://',1))
|
||||
else:
|
||||
# This view must not use SSL, so make sure we don't have it
|
||||
if request.is_secure():
|
||||
return HttpResponseRedirect(request.build_absolute_uri().replace('https://','http://',1))
|
||||
|
||||
return None
|
||||
|
||||
def process_request(self, request):
|
||||
|
||||
Reference in New Issue
Block a user