- from django.http import HttpResponseRedirect
- from django.conf import settings
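class LoginChecksMiddleware(object):
    """
    Require a login and a current password on every request.

    A user has to be logged in to access any screen other than the
    login, registration and password reset screens.  A logged-in user
    must have changed their password within the required period;
    otherwise they are redirected to the password change screen.

    Security notes:

    * Requests under ``settings.MEDIA_URL`` and the exact path
      ``/remote_user/`` skip every check, so whatever is served from
      those paths is reachable without logging in.
    * Exempt prefixes are matched on whole path segments.  A plain
      ``startswith('/register')`` would also exempt ``/registered/...``
      and any later URL that happens to share the prefix.
    * An empty (or ``'/'``) ``MEDIA_URL`` is never treated as an exempt
      prefix, because ``str.startswith('')`` is true for every path and
      would switch the middleware off entirely.

    NOTE(review): ``is_anonymous()`` is called as a method and
    ``get_profile()`` is used, which matches old Django releases;
    confirm the target Django version before reusing this class.
    """

    # Path prefixes an anonymous user may reach without logging in.
    # NOTE(review): if the URLconf has public routes such as
    # '/password_reset_done/', list them here explicitly.
    _PUBLIC_PREFIXES = ('/login/', '/password_reset', '/register', '/reset/')

    @staticmethod
    def _under_prefix(path, prefix):
        """Return True if *path* is *prefix* itself or lies beneath it.

        An empty, ``None`` or ``'/'`` prefix matches nothing, so a
        missing setting fails closed instead of exempting every URL.
        """
        if not prefix or prefix == '/':
            return False
        if prefix.endswith('/'):
            return path.startswith(prefix)
        # Prefix without a trailing slash: require a segment boundary.
        return path == prefix or path.startswith(prefix + '/')

    def process_request(self, request):
        """Return None to let the request through, or a redirect.

        Anonymous users are redirected to ``/login/`` unless the path
        is one of the public prefixes.  Logged-in users whose profile
        reports an expired password are redirected to
        ``/password_change/``.
        """
        path = request.META['PATH_INFO']

        # Don't restrict CSS & images, and don't break the Django user
        # tests (/remote_user/ URL).
        if self._under_prefix(path, settings.MEDIA_URL) or path == '/remote_user/':
            return None

        if request.user.is_anonymous():
            # If they're trying to log in, register or reset, let them.
            if any(self._under_prefix(path, public)
                   for public in self._PUBLIC_PREFIXES):
                return None
            # Everything else requires a login.
            return HttpResponseRedirect('/login/')

        # The password change page is always reachable for a logged-in
        # user; otherwise an expired password would redirect forever.
        if path == '/password_change/':
            return None

        # If the password is expired, force a change before anything else.
        if request.user.get_profile().password_is_expired():
            return HttpResponseRedirect('/password_change/')

        # Nothing was triggered: continue normal processing.
        return None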