path: root/gitrefinery/middleware.py
# gitrefinery-web - middleware definitions
#
# Copyright (C) 2019 Intel Corporation
#
# Licensed under the MIT license, see COPYING.MIT for details

from django.utils.deprecation import MiddlewareMixin
from django.http import HttpResponseRedirect
from django.urls import reverse
from django.contrib.auth import logout
from django.contrib import messages
import settings
import re
from datetime import datetime

class SessionIdleTimeoutMiddleware(MiddlewareMixin):
    """
    Middleware that ends an authenticated session after a period of inactivity.

    The limit is read from settings.SESSION_IDLE_TIMEOUT and compared against
    the number of seconds since the previous request; the check is skipped
    when the setting is absent or not greater than zero.

    The time of the previous request is kept in the session under the
    'last_access' key and is refreshed on every authenticated request that
    is not timed out, so background requests (polling, auto-refresh) count
    as activity and keep the session alive.
    """
    def process_request(self, request):
        # Anonymous requests carry no idle state to enforce.
        if not request.user.is_authenticated:
            return None

        # Feature is opt-in: a missing or non-positive setting disables it.
        if not getattr(settings, 'SESSION_IDLE_TIMEOUT', 0) > 0:
            return None

        now_ts = datetime.now().timestamp()

        if 'last_access' in request.session:
            idle_seconds = now_ts - request.session['last_access']
            if idle_seconds > settings.SESSION_IDLE_TIMEOUT:
                # Queue the notice before logging out, then send the user
                # back to the login view without refreshing the stamp.
                messages.add_message(
                    request,
                    messages.INFO,
                    'Your session has timed out due to inactivity. Log in again to continue.',
                )
                logout(request)
                return HttpResponseRedirect(reverse('login'))

        # First authenticated request, or still within the idle window.
        request.session['last_access'] = now_ts
        return None


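class LoginRequiredMiddleware(MiddlewareMixin):
    """
    Middleware that requires a user to be authenticated to view any page.

    Unauthenticated requests are redirected to the 'login' view unless they
    target the login page itself or match one of the regular expressions
    listed in settings.LOGIN_EXEMPT_URLS. The setting is optional; when it
    is absent nothing except the login page is exempt.

    Exemption patterns are tested with re.match() against request.path_info,
    which anchors only at the start of the path. A pattern without a
    trailing '$' therefore exempts every URL that begins with it, so write
    exemptions fully anchored.
    """
    def process_request(self, request):
        try:
            if request.user.is_authenticated:
                return None

            login_url = reverse('login')
            # reverse() returns the URL including the script prefix, as does
            # request.path; path_info omits it. Comparing against path_info
            # would never match under a sub-path deployment and would send
            # the login page into a redirect loop.
            if request.path == login_url:
                return None

            # getattr keeps the setting optional as documented; a bare
            # attribute access would raise AttributeError and fall into the
            # fail-closed branch below for every anonymous request.
            exempt_patterns = getattr(settings, 'LOGIN_EXEMPT_URLS', ())
            path = request.path_info
            if any(re.match(pattern, path) for pattern in exempt_patterns):
                return None

            return HttpResponseRedirect(login_url)
        except AttributeError:
            # Fail closed: if the request lacks the expected attributes
            # (e.g. no request.user), treat it as unauthenticated.
            return HttpResponseRedirect(reverse('login'))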