@syabro
Forked from tomds/login.py
Last active December 22, 2015 13:09
# Based on http://djangosnippets.org/snippets/1158/
import json
import re
from django.conf import settings
from django.http import HttpResponse, HttpResponseRedirect
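class EnforceLoginMiddleware(object):
    """
    From https://gist.github.com/tomds/3032515

    Middleware class which requires the user to be authenticated for all urls
    except those defined in PUBLIC_URLS in settings.py. If PUBLIC_URLS is not
    defined, only LOGIN_URL (or failing that '/accounts/login/') is public.

    PUBLIC_URLS entries come in two forms:

    * An entry starting with '/' is compiled as a regular expression and
      tested with ``match()``, so it is anchored at the start of the path
      only. Without a trailing ``$`` it makes every path under that prefix
      public.
    * Any other entry is treated as a URL name, resolved with ``reverse()``
      and matched as an exact, literal path.

    Requests for urls not matching PUBLIC_URLS get redirected to LOGIN_URL
    with ``next`` set to the original path of the unauthenticated request.
    AJAX/JSON requests receive a 401 response instead of a redirect.
    """

    def __init__(self):
        # reverse() is not provided by the module's import block, so it is
        # imported here; the location depends on the Django release.
        try:
            from django.urls import reverse
        except ImportError:
            from django.core.urlresolvers import reverse

        self.login_url = getattr(settings, 'LOGIN_URL', '/accounts/login/')
        if not self.login_url.startswith('/'):
            # LOGIN_URL may be a URL name rather than a path.
            self.login_url = reverse(self.login_url)

        public_urls = []
        for url in getattr(settings, 'PUBLIC_URLS', ()):
            if url.startswith('/'):
                # Written by the project as a regular expression: keep as is.
                public_urls.append(re.compile(url))
            else:
                # A reversed name is a literal path, not a pattern. Escape it
                # and anchor both ends so that regex metacharacters in the
                # path, or a longer path sharing the same prefix, cannot
                # widen the set of public urls.
                public_urls.append(
                    re.compile("^%s$" % re.escape(reverse(url))))

        # The login page itself must always be reachable anonymously.
        public_urls.append(re.compile("^%s$" % re.escape(self.login_url)))
        self.public_urls = tuple(public_urls)

    def process_request(self, request):
        """
        Redirect anonymous users to login_url from non public urls.

        Returns None (request continues) for authenticated users and for
        anonymous users on a public url. Otherwise returns a 401 JSON
        response for AJAX/JSON requests or a redirect to the login page.
        """
        try:
            anonymous = request.user.is_anonymous()
        except AttributeError:
            # No usable request.user: fail closed and treat the request as
            # unauthenticated.
            anonymous = True

        if not anonymous:
            return None

        if any(pattern.match(request.path) for pattern in self.public_urls):
            return None

        # Return a 401 for AJAX requests so it's easy to tell from JS that
        # login is required.
        wants_json = (
            request.is_ajax()
            or 'application/json' in request.META.get('HTTP_ACCEPT', '')
            or request.POST.get('httpAccept') == 'json'
        )
        if wants_json:
            return HttpResponse(json.dumps({'loginRedirect': True}), status=401)

        # Percent-encode the path so characters such as '&' or '#' cannot
        # alter the query string of the login URL. The login view remains
        # responsible for validating ``next`` before redirecting to it.
        from django.utils.http import urlquote
        return HttpResponseRedirect(
            "%s?next=%s" % (self.login_url, urlquote(request.path)))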
# Example PUBLIC_URLS setting read by EnforceLoginMiddleware.
# Entries that do not start with '/' are URL names passed to reverse();
# entries that start with '/' are compiled as regular expressions as written.
PUBLIC_URLS = [
    'user_login',  # URL name
    # Regular expression, no trailing '$': every path that begins with this
    # prefix is reachable without logging in.
    '/user/password_reset/',
    'user_register',  # URL name
    'user_logout',  # URL name
]