stackoom
  简体   繁体   中英

Django Login Required Middleware does not redirect

 原文  2020-01-22 18:47:23       python/ django/ middleware

Question

I'm super new to Django and I have created a middleware that should direct my users to the index page with login view when trying to access the pages that are supposed to work only for logged users. Even though I don't get any error in my terminal, it does not work. When I type http://127.0.0.1:8000/profile/ in my browser, I'm still able to see it. Instead of that, I would like to direct my users to the login page.

movie_project/middleware.py

from django.http import HttpResponseRedirect
from django.conf import settings
from re import compile

EXEMPT_URLS = [compile(settings.LOGIN_URL.lstrip('/'))]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
    EXEMPT_URLS += [compile(expr) for expr in settings.LOGIN_EXEMPT_URLS]

class LoginRequiredMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        return self.get_response(request)

    def process_request(self, request):
        assert hasattr(request, 'user')
        if not request.user.is_authenticated():
            path = request.path_info.lstrip('/')
            if not any(m.match(path) for m in EXEMPT_URLS):
                return HttpResponseRedirect(settings.LOGIN_URL)

settings.py

import os

BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
SECRET_KEY = ''

DEBUG = True

ALLOWED_HOSTS = []

SETTINGS_PATH = os.path.dirname(os.path.dirname(__file__))

# Application definition

INSTALLED_APPS = [
    'movies_app',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'multiselectfield'
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'movie_project.middleware.LoginRequiredMiddleware',
]

LOGIN_URL = 'movies_app.views.index'


LOGIN_URL = '/index/'


MIDDLEWARE_CLASSES = (
    'python.path.to.LoginRequiredMiddleware',
)


ROOT_URLCONF = 'movie_project.urls'
AUTH_USER_MODEL = 'movies_app.User'
MEDIA_ROOT =  os.path.join(BASE_DIR, 'media') 
MEDIA_URL = '/media/'



TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
                'django.template.context_processors.media',
            ],
        },
    },
]

TEMPLATE_DIRS = (
    os.path.join(SETTINGS_PATH, 'templates'),
)

WSGI_APPLICATION = 'movie_project.wsgi.application'

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
    }
}

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True


STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'static')

urls.py

from django.urls import path
from django.conf import settings
from django.conf.urls.static import static
from .views import editprofile

from . import views

app_name = 'movies_app'

urlpatterns = [
    path('', views.login, name='login'),
    path('browse/', views.index, name='index'),
    path('register/', views.register, name='register'),
    path('movies/', views.allMovies, name='allMovies'),
    path('movies/<int:pk>/', views.movie, name='movie'),
    path('movies/<int:pk>/rate', views.addRating, name='rate'),
    path('my-list/', views.myMovies, name='my-list'),
    path('my-list/<int:pk>/delete', views.deleteFavoriteMovie, name='favorite-movie-delete'),
    path('profile/', views.profile, name='register'),
    path('editprofile/', views.editprofile, name='editprofile'),
    path('logout/', views.logout, name='logout'),
    path('movie-video', views.movieVideo, name='movie-video')
]  + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

Anyone knows where can be a problem? Thank you so much for any help!

2 answers

solution1
 1 ACCPTED  2020-01-22 22:30:49

Your login required middleware does not appear to be doing anything outside of the normal. Is there a reason you have not simply used the login_required decorator on some of your views?

This decorator can be added to any (class based or function based) view where authentication is required. For example

from django.contrib.auth.decorators import login_required

@login_required
def movies_list(request):
    ...

This will then automatically render the view for all users who are logged in and otherwise redirect the user to the LOGIN_URL if not authenticated.

Whilst you can run your own middleware for such auth, I would strongly use the battle-tested options within the Django framework.

In the case of your comment above:

When I type http://127.0.0.1:8000/profile/ in my browser, I'm still able to see it. Instead of that, I would like to direct my users to the login page.

On your profile view function or class base method simply add @login_required with the appropriate import statement ( from django.contrib.auth.decorators import login_required ).

solution2
 0  2020-01-22 18:51:57

It's somewhat confusing to have two variables named the same thing in settings.py?

LOGIN_URL = 'movies_app.views.index'
LOGIN_URL = '/index/'

They're just above MIDDLEWARE_CLASSES. Here' a reference to the HTTPResponseRedirect. https://docs.djangoproject.com/en/3.0/ref/request-response/#django.http.HttpResponseRedirect In other words, delete the one that says movies_app.views.index

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Django login required middleware not working Django Login Required Redirect Django does not redirect to "Next" after custom login when login is required django-login-required-middleware WSGI error Django: @login_required decorator does not redirect to “next” Django after @login_required redirect to next login_required Django redirect next not working How to escape the required login or protection ensured by the middleware in Django? django-login-required middleware giving type error Django PasswordResetDoneView does not redirect to login
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM