Best way to make Django’s login_required the default

by

Middleware may be your best bet. I’ve used this piece of code in the past, modified from a snippet found elsewhere:

import re

from django.conf import settings
from django.contrib.auth.decorators import login_required


class RequireLoginMiddleware(object):
    """
    Middleware component that wraps the login_required decorator around
    matching URL patterns. To use, add the class to MIDDLEWARE_CLASSES and
    define LOGIN_REQUIRED_URLS and LOGIN_REQUIRED_URLS_EXCEPTIONS in your
    settings.py. For example:
    ------
    LOGIN_REQUIRED_URLS = (
        r'/topsecret/(.*)$',
    )
    LOGIN_REQUIRED_URLS_EXCEPTIONS = (
        r'/topsecret/login(.*)$',
        r'/topsecret/logout(.*)$',
    )
    ------
    LOGIN_REQUIRED_URLS is where you define URL patterns; each pattern must
    be a valid regex.

    LOGIN_REQUIRED_URLS_EXCEPTIONS is, conversely, where you explicitly
    define any exceptions (like login and logout URLs).
    """
    def __init__(self):
        self.required = tuple(re.compile(url) for url in settings.LOGIN_REQUIRED_URLS)
        self.exceptions = tuple(re.compile(url) for url in settings.LOGIN_REQUIRED_URLS_EXCEPTIONS)

    def process_view(self, request, view_func, view_args, view_kwargs):
        # No need to process URLs if user already logged in
        if request.user.is_authenticated():
            return None

        # An exception match should immediately return None
        for url in self.exceptions:
            if url.match(request.path):
                return None

        # Requests matching a restricted URL pattern are returned
        # wrapped with the login_required decorator
        for url in self.required:
            if url.match(request.path):
                return login_required(view_func)(request, *view_args, **view_kwargs)

        # Explicitly return None for all non-matching requests
        return None

Then in settings.py, list the base URLs you want to protect:

LOGIN_REQUIRED_URLS = (
    r'/private_stuff/(.*)$',
    r'/login_required/(.*)$',
)

As long as your site follows URL conventions for the pages requiring authentication, this model will work. If this isn’t a one-to-one fit, you may choose to modify the middleware to suit your circumstances more closely.

What I like about this approach – besides removing the necessity of littering the codebase with @login_required decorators – is that if the authentication scheme changes, you have one place to go to make global changes.

More Related Contents:

  1. Using django for CLI tool
  2. Reference list item by index within Django template?
  3. How can I filter a date of a DateTimeField in Django?
  4. How to stream an HttpResponse with Django
  5. Django-Registration & Django-Profile, using your own custom form
  6. Django/Python Beginner: Error when executing python manage.py syncdb – psycopg2 not found
  7. Default filter in Django admin
  8. Django REST Framework POST nested objects
  9. How do you reload a Django model module using the interactive interpreter via “manage.py shell”?
  10. django-filter use paginations
  11. Is this the way to validate Django model fields?
  12. Django – How to rename a model field using South?
  13. How to run Django’s test database only in memory?
  14. How to get the domain name of my site within a Django template?
  15. CSV new-line character seen in unquoted field error
  16. How to have a Python script for a Django app that accesses models without using the manage.py shell?
  17. Can one use the Django database layer outside of Django?
  18. How do I use the built in password reset/change views with my own templates
  19. models.py getting huge, what is the best way to break it up?
  20. matching query does not exist Error in Django
  21. sqlite3.OperationalError: unable to open database file
  22. Django Standalone Script
  23. Django admin file upload with current model id
  24. one-to-many inline select with django admin
  25. How to create a custom decorator in Django?
  26. How can I set a default value for a field in a Django model?
  27. How to assign a local file to the FileField in Django?
  28. Writable nested serializer in django-rest-framework?
  29. Add custom form fields that are not part of the model (Django)
  30. Can a dictionary be passed to django models on create?

Leave a Comment