Luke Plant avatar Luke Plant committed b2ec25b

Made secure download links redirect to login (and made it work for our login page)

Comments (0)

Files changed (2)


 import datetime
 import operator
+import urlparse
 from django import forms
 from django.conf import settings
 from django.contrib.admin.views.decorators import staff_member_required
+from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.decorators import user_passes_test
 from django.contrib.auth.models import User
 from django.contrib import messages
 def index(request):
     """Displays a list of links/buttons for various actions."""
+    # Handle redirects, since this page is LOGIN_URL
+    redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
+    if redirect_to:
+        netloc = urlparse.urlparse(redirect_to)[1]
+        # Heavier security check -- don't allow redirection to a different
+        # host.
+        if netloc == '' or netloc == request.get_host():
+            return HttpResponseRedirect(redirect_to)
     user = request.user
     c = {}
     c['thisyear'] = common.get_thisyear()


 import os
 import posixpath
 import urllib
 from django.conf import settings
+from django.contrib.auth.views import redirect_to_login
 from django.http import Http404, HttpResponseRedirect, HttpResponseForbidden
 from django.utils.crypto import salted_hmac
                 raise Http404()
             return serve_secure_file(os.path.join(folder, fname))
+            user = getattr(request, 'user', None)
+            if user is not None and not user.is_authenticated():
+                # redirect to login
+                return redirect_to_login(request.get_full_path())
             return HttpResponseForbidden("<h1>Access denied</h1>")
     return view
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.