| 26 |
26 |
from django import http
|
| 27 |
27 |
from django.conf import settings
|
| 28 |
28 |
from django.contrib import messages
|
|
29 |
from django.db.models import Model
|
| 29 |
30 |
from django.utils.deprecation import MiddlewareMixin
|
| 30 |
31 |
from django.utils.functional import SimpleLazyObject
|
| 31 |
32 |
from django.utils.translation import ugettext as _
|
| ... | ... | |
| 108 |
109 |
|
| 109 |
110 |
def check_view_restrictions(self, request):
|
| 110 |
111 |
'''Check if a restriction on accessible views must be applied'''
|
| 111 |
|
from django.db.models import Model
|
| 112 |
|
|
| 113 |
|
from .models import PasswordReset
|
| 114 |
112 |
|
| 115 |
113 |
user = request.user
|
| 116 |
|
b = user.is_authenticated
|
| 117 |
|
if b and isinstance(user, Model):
|
| 118 |
|
now = time.time()
|
| 119 |
|
last_time = request.session.get('last_password_reset_check', 0)
|
| 120 |
|
if now - last_time > 10:
|
| 121 |
|
if PasswordReset.objects.filter(user=request.user).exists():
|
| 122 |
|
return 'password_change'
|
| 123 |
|
request.session['last_password_reset_check'] = now
|
|
114 |
|
|
115 |
# If the session is unlogged, do nothing
|
|
116 |
if user is None or not user.is_authenticated:
|
|
117 |
return None
|
|
118 |
|
|
119 |
# If the latest check was succesfull, do nothing.
|
|
120 |
now = time.time()
|
|
121 |
last_time = request.session.get('last_view_restriction_check', 0)
|
|
122 |
if now - last_time <= 60:
|
|
123 |
return None
|
|
124 |
|
|
125 |
view = self.check_password_reset_view_restriction(request, user)
|
|
126 |
if view:
|
|
127 |
return view
|
|
128 |
|
| 124 |
129 |
for plugin in plugins.get_plugins():
|
| 125 |
130 |
if hasattr(plugin, 'check_view_restrictions'):
|
| 126 |
|
view = plugin.check_view_restrictions(request)
|
|
131 |
view = plugin.check_view_restrictions(request, user)
|
| 127 |
132 |
if view:
|
| 128 |
133 |
return view
|
| 129 |
134 |
|
|
135 |
# do not check for 60 seconds
|
|
136 |
request.session['last_password_reset_check'] = now
|
|
137 |
return None
|
|
138 |
|
|
139 |
def check_password_reset_view_restriction(self, request, user):
|
|
140 |
# If user is authenticated and a password_reset_flag is set, force
|
|
141 |
# redirect to password change and show a message.
|
|
142 |
from . import models
|
|
143 |
|
|
144 |
if (
|
|
145 |
user.is_authenticated
|
|
146 |
and isinstance(user, Model)
|
|
147 |
and models.PasswordReset.objects.filter(user=request.user).exists()
|
|
148 |
):
|
|
149 |
if request.resolver_match.url_name != 'password_change':
|
|
150 |
messages.warning(request, _('You must change your password to continue'))
|
|
151 |
return 'password_change'
|
|
152 |
|
| 130 |
153 |
def process_view(self, request, view_func, view_args, view_kwargs):
|
| 131 |
|
'''If current view is not the one we should be, redirect'''
|
|
154 |
'''If current view is not the one where we should be, redirect'''
|
| 132 |
155 |
view = self.check_view_restrictions(request)
|
| 133 |
|
if not view or request.resolver_match.url_name in (view, 'auth_logout'):
|
|
156 |
if not view:
|
|
157 |
return
|
|
158 |
url_name = request.resolver_match.url_name
|
|
159 |
|
|
160 |
# do not block on the restricted view
|
|
161 |
if view == url_name:
|
|
162 |
return
|
|
163 |
|
|
164 |
# prevent blocking people when they logout
|
|
165 |
if 'logout' in url_name or '-slo' in url_name:
|
| 134 |
166 |
return
|
| 135 |
|
if view == 'password_change':
|
| 136 |
|
messages.warning(request, _('You must change your password to continue'))
|
| 137 |
167 |
return utils_misc.redirect_and_come_back(request, view)
|
| 138 |
168 |
|
| 139 |
169 |
|
| 140 |
|
-
|