mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-11-30 04:13:01 +00:00
a6b479db19
- /apps/activity/api/serializers.py - /apps/activity/api/urls.py - /apps/activity/api/views.py - /apps/activity/tests/test_activities.py - /apps/activity/__init__.py - /apps/activity/admin.py - /apps/activity/apps.py - /apps/activity/forms.py - /apps/activity/tables.py - /apps/activity/urls.py - /apps/activity/views.py - /apps/api/__init__.py - /apps/api/apps.py - /apps/api/serializers.py - /apps/api/tests.py - /apps/api/urls.py - /apps/api/views.py - /apps/api/viewsets.py - /apps/logs/signals.py - /apps/logs/apps.py - /apps/logs/__init__.py - /apps/logs/api/serializers.py - /apps/logs/api/urls.py - /apps/logs/api/views.py - /apps/member/api/serializers.py - /apps/member/api/urls.py - /apps/member/api/views.py - /apps/member/templatetags/memberinfo.py - /apps/member/__init__.py - /apps/member/admin.py - /apps/member/apps.py - /apps/member/auth.py - /apps/member/forms.py - /apps/member/hashers.py - /apps/member/signals.py - /apps/member/tables.py - /apps/member/urls.py - /apps/member/views.py - /apps/note/api/serializers.py - /apps/note/api/urls.py - /apps/note/api/views.py - /apps/note/models/__init__.py - /apps/note/static/note/js/consos.js - /apps/note/templates/note/mails/negative_balance.txt - /apps/note/templatetags/getenv.py - /apps/note/templatetags/pretty_money.py - /apps/note/tests/test_transactions.py - /apps/note/__init__.py - /apps/note/admin.py - /apps/note/apps.py - /apps/note/forms.py - /apps/note/signals.py - /apps/note/tables.py - /apps/note/urls.py - /apps/note/views.py - /apps/permission/api/serializers.py - /apps/permission/api/urls.py - /apps/permission/api/views.py - /apps/permission/templatetags/perms.py - /apps/permission/tests/test_oauth2.py - /apps/permission/tests/test_permission_denied.py - /apps/permission/tests/test_permission_queries.py - /apps/permission/tests/test_rights_page.py - /apps/permission/__init__.py - /apps/permission/admin.py - /apps/permission/backends.py - /apps/permission/apps.py - /apps/permission/decorators.py - /apps/permission/permissions.py - /apps/permission/scopes.py - /apps/permission/signals.py - /apps/permission/tables.py - /apps/permission/urls.py - /apps/permission/views.py - /apps/registration/tests/test_registration.py - /apps/registration/__init__.py - /apps/registration/apps.py - /apps/registration/forms.py - /apps/registration/tables.py - /apps/registration/tokens.py - /apps/registration/urls.py - /apps/registration/views.py - /apps/treasury/api/serializers.py - /apps/treasury/api/urls.py - /apps/treasury/api/views.py - /apps/treasury/templatetags/escape_tex.py - /apps/treasury/tests/test_treasury.py - /apps/treasury/__init__.py - /apps/treasury/admin.py - /apps/treasury/apps.py - /apps/treasury/forms.py - /apps/treasury/signals.py - /apps/treasury/tables.py - /apps/treasury/urls.py - /apps/treasury/views.py - /apps/wei/api/serializers.py - /apps/wei/api/urls.py - /apps/wei/api/views.py - /apps/wei/forms/surveys/__init__.py - /apps/wei/forms/surveys/base.py - /apps/wei/forms/surveys/wei2021.py - /apps/wei/forms/surveys/wei2022.py - /apps/wei/forms/surveys/wei2023.py - /apps/wei/forms/__init__.py - /apps/wei/forms/registration.py - /apps/wei/management/commands/export_wei_registrations.py - /apps/wei/management/commands/import_scores.py - /apps/wei/management/commands/wei_algorithm.py - /apps/wei/templates/wei/weilist_sample.tex - /apps/wei/tests/test_wei_algorithm_2021.py - /apps/wei/tests/test_wei_algorithm_2022.py - /apps/wei/tests/test_wei_algorithm_2023.py - /apps/wei/tests/test_wei_registration.py - /apps/wei/__init__.py - /apps/wei/admin.py - /apps/wei/apps.py - /apps/wei/tables.py - /apps/wei/urls.py - /apps/wei/views.py - /note_kfet/settings/__init__.py - /note_kfet/settings/base.py - /note_kfet/settings/development.py - /note_kfet/settings/secrets_example.py - /note_kfet/static/js/base.js - /note_kfet/admin.py - /note_kfet/inputs.py - /note_kfet/middlewares.py - /note_kfet/urls.py - /note_kfet/views.py - /note_kfet/wsgi.py - /entrypoint.sh
131 lines
4.6 KiB
Python
131 lines
4.6 KiB
Python
# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
from threading import local
|
|
|
|
from django.conf import settings
|
|
from django.contrib.auth import login
|
|
from django.contrib.auth.models import User
|
|
|
|
REQUEST_ATTR_NAME = getattr(settings, 'LOCAL_REQUEST_ATTR_NAME', '_current_request')
|
|
|
|
_thread_locals = local()
|
|
|
|
|
|
def _set_current_request(request=None):
|
|
setattr(_thread_locals, REQUEST_ATTR_NAME, request)
|
|
|
|
|
|
def get_current_request():
|
|
return getattr(_thread_locals, REQUEST_ATTR_NAME, None)
|
|
|
|
|
|
class SessionMiddleware(object):
|
|
"""
|
|
This middleware get the current user with his or her IP address on each request.
|
|
"""
|
|
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
# If we authenticate through a token to connect to the API, then we query the good user
|
|
if 'HTTP_AUTHORIZATION' in request.META and request.path.startswith("/api"):
|
|
token = request.META.get('HTTP_AUTHORIZATION')
|
|
if token.startswith("Token "):
|
|
token = token[6:]
|
|
from rest_framework.authtoken.models import Token
|
|
if Token.objects.filter(key=token).exists():
|
|
token_obj = Token.objects.get(key=token)
|
|
user = token_obj.user
|
|
request.user = user
|
|
session = request.session
|
|
session["permission_mask"] = 42
|
|
session.save()
|
|
|
|
_set_current_request(request)
|
|
response = self.get_response(request)
|
|
_set_current_request(None)
|
|
|
|
return response
|
|
|
|
|
|
class LoginByIPMiddleware(object):
|
|
"""
|
|
Allow some users to be authenticated based on their IP address.
|
|
For example, the "note" account should not be used elsewhere than the Kfet computer,
|
|
and should not have any password.
|
|
The password that is stored in database should be on the form "ipbased$my.public.ip.address".
|
|
"""
|
|
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
"""
|
|
If the user is not authenticated, get the used IP address
|
|
and check if an user is authorized to be automatically logged with this address.
|
|
If it is the case, the logging is performed with the full rights.
|
|
"""
|
|
if not request.user.is_authenticated:
|
|
if 'HTTP_X_REAL_IP' in request.META:
|
|
ip = request.META.get('HTTP_X_REAL_IP')
|
|
elif 'HTTP_X_FORWARDED_FOR' in request.META:
|
|
ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
|
|
else:
|
|
ip = request.META.get('REMOTE_ADDR')
|
|
|
|
qs = User.objects.filter(password__iregex=f"ipbased\\$.*\\^{ip}\\$.*")
|
|
if qs.exists():
|
|
login(request, qs.get())
|
|
session = request.session
|
|
session["permission_mask"] = 42
|
|
session.save()
|
|
|
|
return self.get_response(request)
|
|
|
|
|
|
class TurbolinksMiddleware(object):
|
|
"""
|
|
Send the `Turbolinks-Location` header in response to a visit that was redirected,
|
|
and Turbolinks will replace the browser's topmost history entry.
|
|
"""
|
|
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
response = self.get_response(request)
|
|
|
|
is_turbolinks = request.META.get('HTTP_TURBOLINKS_REFERRER')
|
|
is_response_redirect = response.has_header('Location')
|
|
|
|
if is_turbolinks:
|
|
if is_response_redirect:
|
|
location = response['Location']
|
|
prev_location = request.session.pop('_turbolinks_redirect_to', None)
|
|
if prev_location is not None:
|
|
# relative subsequent redirect
|
|
if location.startswith('.'):
|
|
location = prev_location.split('?')[0] + location
|
|
request.session['_turbolinks_redirect_to'] = location
|
|
else:
|
|
if request.session.get('_turbolinks_redirect_to'):
|
|
location = request.session.pop('_turbolinks_redirect_to')
|
|
response['Turbolinks-Location'] = location
|
|
return response
|
|
|
|
|
|
class ClacksMiddleware(object):
|
|
"""
|
|
Add Clacks Overhead header on each response.
|
|
See https://www.gnuterrypratchett.com/
|
|
"""
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
response = self.get_response(request)
|
|
response['X-Clacks-Overhead'] = 'GNU Terry Pratchett'
|
|
return response
|