[Django] #35932: Add a LOGIN_REQUIRED_URLS_EXCEPTIONS for LoginRequiredMiddleware

Sat, 23 Nov 2024 01:43:47 -0800 

#35932: Add a LOGIN_REQUIRED_URLS_EXCEPTIONS for LoginRequiredMiddleware
-------------------------------------+-------------------------------------
     Reporter:  levimoore            |                     Type:
                                     |  Cleanup/optimization
       Status:  new                  |                Component:
                                     |  contrib.auth
      Version:  5.1                  |                 Severity:  Normal
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  1                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
 LoginRequired middleware is great for security but it makes it tough to
 use third party libraries like django auth or django cookies when they
 have their own urls and you can't make them not required unless you make
 your won custom views and add the decorator. The workarounf is makign a
 custom middleware like this


 {{{
 class CustomLoginRequiredMiddleware(LoginRequiredMiddleware):
     def __init__(self, get_response):
         super().__init__(get_response)
         # Compile the regex patterns
         self.exempt_urls = [
             re.compile(pattern) for pattern in
 settings.LOGIN_REQUIRED_URLS_EXCEPTIONS
         ]

     def process_view(self, request, view_func, view_args, view_kwargs):
         path = request.path_info
         # First check our exempt URLs
         if any(pattern.match(path) for pattern in self.exempt_urls):
             return None

         # If not exempt, continue with normal login required check
         return super().process_view(request, view_func, view_args,
 view_kwargs)
 }}}

 but to do this in every proejct is not ideal for the growth of django

 instead it should be by default allowable to have routes that dont need to
 be logged into by the settings.py file like


 {{{
 LOGIN_REQUIRED_URLS_EXCEPTIONS = [
     r"^/accounts/",  # allauth URLs
     r"^/cookies/",  # cookie consent URLs
     r"^/static/",  # static files
     r"^/media/",  # media files
     r"^/admin/admin_sso/",
     # Add any other paths you want to exempt from login
 ]
 }}}
-- 
Ticket URL: <https://code.djangoproject.com/ticket/35932>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/010701935867c587-3d6f4bed-93a9-440f-8299-91782ac60ea5-000000%40eu-central-1.amazonses.com.

Reply via email to