authorAurélien Bompard <aurelien@bompard.org>2013-02-12 09:40:48 +0100
committerAurélien Bompard <aurelien@bompard.org>2013-02-12 10:47:51 +0100
commit0b0395fe000957b336d0ece6b23af0083a0853ab (patch)
treef3e04da6c601c345f98f954df9b948aac08e1c0d /hyperkitty/middleware.py
parent13d11029ba45fa49855b3e346e3425ac1dce0702 (diff)
SSL redirect middleware
Redirect the login page to SSL, and keep browsing in SSL while the user is logged in.
Diffstat (limited to 'hyperkitty/middleware.py')
-rw-r--r--hyperkitty/middleware.py40
1 files changed, 40 insertions, 0 deletions
diff --git a/hyperkitty/middleware.py b/hyperkitty/middleware.py
index 4952db2..7a92e25 100644
--- a/hyperkitty/middleware.py
+++ b/hyperkitty/middleware.py
@@ -29,3 +29,43 @@ class PaginationMiddleware(object):
request.page = int(request.REQUEST['page'])
except (KeyError, ValueError, TypeError):
request.page = 1
+
+
+
+# http://stackoverflow.com/questions/2799450/django-https-for-just-login-page
+
+from django.conf import settings
+from django.http import HttpResponseRedirect, HttpResponsePermanentRedirect, get_host
+
+SSL = 'SSL'
+
+class SSLRedirect(object):
+
+ def process_view(self, request, view_func, view_args, view_kwargs):
+ secure = view_kwargs.pop(SSL, False)
+ if request.user.is_authenticated():
+ secure = True
+ if settings.DEBUG: # Development server (runserver)
+ secure = False
+
+ if not secure == self._is_secure(request):
+ return self._redirect(request, secure)
+
+ def _is_secure(self, request):
+ if request.is_secure():
+ return True
+
+ #Handle the Webfaction case until this gets resolved in the request.is_secure()
+ if 'HTTP_X_FORWARDED_SSL' in request.META:
+ return request.META['HTTP_X_FORWARDED_SSL'] == 'on'
+
+ return False
+
+ def _redirect(self, request, secure):
+ protocol = secure and "https" or "http"
+ newurl = "%s://%s%s" % (protocol, get_host(request), request.get_full_path())
+ if settings.DEBUG and request.method == 'POST':
+ raise RuntimeError, \
+ """Django can't perform a SSL redirect while maintaining POST data.
+ Please structure your views so that redirects only occur during GETs."""
+ return HttpResponsePermanentRedirect(newurl)
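Review bot: `_redirect` answers with `HttpResponsePermanentRedirect`, but the scheme it picks depends on per-request state (login status and the view's `SSL` kwarg), so a browser that caches the 301 may keep sending a URL to plain HTTP after the user logs in, or bounce between schemes after logout; `return HttpResponseRedirect(newurl)` fits better, and that class is already imported but unused. Separately, `_is_secure` accepts `HTTP_X_FORWARDED_SSL` from any request, so unless the front-end proxy overwrites that header every time, a client-supplied value of `on` makes a cleartext request count as secure and the upgrade is skipped. A comment such as `# only trustworthy when the proxy sets or strips X-Forwarded-SSL on every request` above that check would record the deployment assumption. The redirect for logged-in users also fires only after the browser has already sent its session cookie over HTTP, so this presumably relies on the session cookie being marked Secure in settings, which are not visible in this hunk.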