def https_and_login_required(view_func): def _wrapped_view_func(request, *args, **kwargs): if not request.using_https and not settings.DEBUG: return HttpResponse('{"detail": "This resource requires a secure connection (https)"}', status=403) if not request.user.is_authenticated(): # Quick fix, should be implemented better path = request.build_absolute_uri().split('/apiv2/')[1] path = prepend_base('/apiv2/' + path, use_https=not settings.DEBUG, dynamic_resolve=False) return redirect_to_login(path, login_url, REDIRECT_FIELD_NAME) return view_func(request, *args, **kwargs) return _wrapped_view_func #return login_required(_wrapped_view_func, login_url=login_url) def https_required_and_crsf_exempt(view_func): def _wrapped_view_func(request, *args, **kwargs): if not request.using_https and not settings.DEBUG: return HttpResponse('{"detail": "This resource requires a secure connection (https)"}', status=403) return view_func(request, *args, **kwargs) return csrf_exempt(_wrapped_view_func) urlpatterns = patterns('', url('^authorize/?$', https_and_login_required(Capture.as_view()), name='capture'), url('^authorize/confirm/?$', https_and_login_required(Authorize.as_view()), name='authorize'), url('^redirect/?$', https_and_login_required(Redirect.as_view()), name='redirect'), url('^access_token/?$', https_required_and_crsf_exempt(AccessTokenView.as_view()), name='access_token'), )
def https_and_force_login(view_func): def _wrapped_view_func(request, *args, **kwargs): if not request.using_https and not settings.DEBUG: return HttpResponse('{"detail": "This resource requires a secure connection (https)"}', status=403) # Logout the user so we make sure he needs to login again logout(request) # Quick fix, should be implemented better path = request.build_absolute_uri().split('/apiv2/')[1] path = prepend_base('/apiv2/' + path, use_https=not settings.DEBUG, dynamic_resolve=False) path = path.replace('logout_and_', '') return redirect_to_login(path, login_url, REDIRECT_FIELD_NAME) return _wrapped_view_func #return login_required(_wrapped_view_func, login_url=login_url) def https_required_and_crsf_exempt(view_func): def _wrapped_view_func(request, *args, **kwargs): if not request.using_https and not settings.DEBUG: return HttpResponse('{"detail": "This resource requires a secure connection (https)"}', status=403) return view_func(request, *args, **kwargs) return csrf_exempt(_wrapped_view_func) urlpatterns = patterns('', url('^authorize/?$', https_and_login_required(Capture.as_view()), name='capture'), url('^logout_and_authorize/?$', https_and_force_login(Capture.as_view()), name='capture'), url('^authorize/confirm/?$', https_and_login_required(Authorize.as_view()), name='authorize'), url('^redirect/?$', https_and_login_required(Redirect.as_view()), name='redirect'), url('^access_token/?$', https_required_and_crsf_exempt(AccessTokenView.as_view()), name='access_token'), )