Replace login_required decorator with a validating one

This one will validate that the url is under /accounts/, which is the only part we are going to be excluding from caching once we move the website to https-only.
2025-08-13 13:12:42 +00:00 · 2016-05-23 19:30:22 +02:00
parent 9bcaa6ab33
commit 7fc34e9eaf
9 changed files with 23 additions and 8 deletions
--- a/pgweb/account/views.py
+++ b/pgweb/account/views.py
@ -2,7 +2,7 @@ from django.contrib.auth.models import User
 import django.contrib.auth.views as authviews
 from django.http import HttpResponseRedirect, Http404, HttpResponse
 from django.shortcuts import render_to_response, get_object_or_404
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 from django.utils.encoding import force_bytes
 from django.utils.http import urlsafe_base64_encode
 from django.contrib.auth.tokens import default_token_generator
--- a/pgweb/core/views.py
+++ b/pgweb/core/views.py
@ -2,7 +2,8 @@ from django.shortcuts import render_to_response
 from django.http import HttpResponse, Http404, HttpResponseRedirect
 from django.http import HttpResponseNotModified
 from django.template import TemplateDoesNotExist, loader
-from django.contrib.auth.decorators import login_required, user_passes_test
+from django.contrib.auth.decorators import user_passes_test
+from pgweb.util.decorators import login_required
 from django.contrib import messages
 from django.views.decorators.csrf import csrf_exempt
 from django.db.models import Count
--- a/pgweb/docs/views.py
+++ b/pgweb/docs/views.py
@ -2,7 +2,7 @@ from django.shortcuts import render_to_response, get_object_or_404
 from django.http import HttpResponseRedirect, HttpResponsePermanentRedirect
 from django.http import Http404
 from django.template.context import RequestContext
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 from django.db.models import Q
 from django.conf import settings

--- a/pgweb/downloads/views.py
+++ b/pgweb/downloads/views.py
@ -1,6 +1,6 @@
 from django.shortcuts import render_to_response, get_object_or_404
 from django.http import HttpResponse, Http404, HttpResponseRedirect
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 from django.views.decorators.csrf import csrf_exempt
 from django.db import transaction
 from django.conf import settings
--- a/pgweb/events/views.py
+++ b/pgweb/events/views.py
@ -1,6 +1,6 @@
 from django.shortcuts import render_to_response, get_object_or_404
 from django.http import Http404
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required

 from datetime import date

--- a/pgweb/misc/views.py
+++ b/pgweb/misc/views.py
@ -1,5 +1,5 @@
 from django.shortcuts import render_to_response
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required
 from django.http import HttpResponse
 from django.db import connection
 from django.conf import settings
--- a/pgweb/news/views.py
+++ b/pgweb/news/views.py
@ -1,6 +1,6 @@
 from django.shortcuts import render_to_response, get_object_or_404
 from django.http import Http404
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required

 from pgweb.util.contexts import NavContext
 from pgweb.util.helpers import simple_form
--- a/pgweb/profserv/views.py
+++ b/pgweb/profserv/views.py
@ -1,6 +1,6 @@
 from django.shortcuts import render_to_response
 from django.http import Http404
-from django.contrib.auth.decorators import login_required
+from pgweb.util.decorators import login_required

 from pgweb.util.contexts import NavContext
 from pgweb.util.helpers import simple_form
--- a/pgweb/util/decorators.py
+++ b/pgweb/util/decorators.py
@ -1,5 +1,6 @@
 import datetime
 from functools import wraps
+from django.contrib.auth.decorators import login_required as django_login_required

 def nocache(fn):
 	def _nocache(request, *_args, **_kwargs):
@ -18,3 +19,16 @@ def cache(days=0, hours=0, minutes=0, seconds=0):
 			return resp
 		return __cache
 	return _cache
+
+from django.utils.decorators import available_attrs
+
+# A wrapped version of login_required that throws an exception if it's
+# used on a path that's not under /account/.
+def login_required(f):
+	@wraps(f)
+	def wrapper(*args, **kwargs):
+		request = args[0]
+		if not request.path.startswith('/account/'):
+			raise Exception("Login required in bad path, aborting with exception.")
+		return django_login_required(f)(*args, **kwargs)
+	return wrapper