Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Best way to extend django authentication/authorization

Tags:

authentication

django

I'm adding in a Terms of Service acceptance requirement to our site and am trying to figure out the best way to handle this within Django's authentication framework.

For simplicity's sake, here's a UserProfile model:

class UserProfile(models.Model):
    user = models.OneToOneField(User)
    accepted_tos_at = models.DateTimeField(default=None, editable=False, null=True)

So basically what I want to do is to check that accepted_tos_at is not None (or in reality greater than the date of the last TOS revision). If it passes this test then we authenticate normally, but if it is None all views except login and tos_display are inaccessible.

What I'm hung up on is how should you go about doing this globally? I would rather not add in user_passes_test decorators to every one of my views and likewise I'd like to avoid testing for this permission in every one of my views. There must be a cleaner way.

like image 296
AndrewJesaitis Avatar asked Dec 27 '22 18:12

AndrewJesaitis

1 Answers

Generally, when you're talking about something that should apply to every view, then, you're talking about middleware. In your case, this is relatively straight-forward:

class AcceptTOSMiddleware(object):
    def process_request(request):
        login_url = reverse('login')
        tos_url = reverse('tos_display')
        if request.path not in [login_url, tos_url]:
            profile = request.user.get_profile()
            if profile.accepted_tos_at is None or \
               profile.accepted_tos_at < settings.LAST_TOS_REVISION:
                return HttpResponseRedirect(tos_url)
        return None

First, this checks if the requested URL is not the login or TOS views. This prevents infinite loops if a redirect is necessary. Then, you check the accepted_tos_at. I assumed you're simply going to store the last revision date as a setting, so you'll need to modify that if you have other plans. If the TOS needs to be accepted, the user is redirected to the TOS view, otherwise, the middleware returns None which tells Django to keep processing the request as normal.

Just add the middleware to MIDDLEWARE_CLASSES and you're golden.

like image 168
Chris Pratt Avatar answered Jan 06 '23 01:01

Chris Pratt
Sign in to Comment

Related questions

Installing PIL on MAC OS X LION 10.7.2 with PIP INSTALLER
Django Template - Stop processing template
Django HTML truncation
Django Caching - Remove caching for certain pages
Django Management Command ImportError
Differentiate Context, Request Context in django
Getting serialized json objects from django templates?
Rich text editor in Django admin - Hiding the HTML tags in the change list
Django Logout Button
django-pipeline and s3boto storage don't seem to work together
Port ASP to Django or ASP.NET
How to improved query performance in Django admin search on related fields (MySQL)
Tastypie ajax POST obj_create - How to return json
How to link a folder with an existing Heroku app with mercurial
Stuck with deploying django with apache + mod_wsgi
Error 1054, "Unknown column 'student_info.id' in 'field list'" - Django
What is the correct exception when trying to create a Django record when only one record is allowed
Connection Error with Django/Celery and CloudAMQP/Heroku
How to query floatfield in Django?
Daemon process cannot be accessed by this WSGI application: /mod.wsgi

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!