Diffstat (limited to 'hyperkitty')
-rw-r--r-- | hyperkitty/middleware.py | 40 | ||||
-rw-r--r-- | hyperkitty/urls.py | 2 |
2 files changed, 41 insertions, 1 deletions
diff --git a/hyperkitty/middleware.py b/hyperkitty/middleware.py
index 4952db2..7a92e25 100644
--- a/hyperkitty/middleware.py
+++ b/hyperkitty/middleware.py
@@ -29,3 +29,43 @@ class PaginationMiddleware(object):
 request.page = int(request.REQUEST['page'])
 except (KeyError, ValueError, TypeError):
 request.page = 1
+
+
+
+# http://stackoverflow.com/questions/2799450/django-https-for-just-login-page
+
+from django.conf import settings
+from django.http import HttpResponseRedirect, HttpResponsePermanentRedirect, get_host
+
+SSL = 'SSL'
+
+class SSLRedirect(object):
+
+ def process_view(self, request, view_func, view_args, view_kwargs):
+ secure = view_kwargs.pop(SSL, False)
+ if request.user.is_authenticated():
+ secure = True
+ if settings.DEBUG: # Development server (runserver)
+ secure = False
+
+ if not secure == self._is_secure(request):
+ return self._redirect(request, secure)
+
+ def _is_secure(self, request):
+ if request.is_secure():
+ return True
+
+ #Handle the Webfaction case until this gets resolved in the request.is_secure()
+ if 'HTTP_X_FORWARDED_SSL' in request.META:
+ return request.META['HTTP_X_FORWARDED_SSL'] == 'on'
+
+ return False
+
+ def _redirect(self, request, secure):
+ protocol = secure and "https" or "http"
+ newurl = "%s://%s%s" % (protocol, get_host(request), request.get_full_path())
+ if settings.DEBUG and request.method == 'POST':
+ raise RuntimeError, \
+ """Django can't perform a SSL redirect while maintaining POST data.
+ Please structure your views so that redirects only occur during GETs."""
+ return HttpResponsePermanentRedirect(newurl)
diff --git a/hyperkitty/urls.py b/hyperkitty/urls.py
index e9132cc..ac1e4d7 100644
--- a/hyperkitty/urls.py
+++ b/hyperkitty/urls.py
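Review bot: `_is_secure` in hyperkitty/middleware.py accepts `HTTP_X_FORWARDED_SSL` from any client, so a plain-HTTP request that carries `X-Forwarded-SSL: on` is treated as already secure and the login view is served without the HTTPS redirect. The header is only trustworthy when a front-end proxy sets it and discards any client-supplied copy, so the check should be limited to that deployment, for example behind an explicit settings flag, or replaced by Django's `SECURE_PROXY_SSL_HEADER` if the Django version in use provides it. Separately, `_redirect` returns `HttpResponsePermanentRedirect` although the target scheme depends on `request.user.is_authenticated()`; browsers cache a 301, so an HTTPS-to-HTTP redirect cached while anonymous can be replayed after login, and `return HttpResponseRedirect(newurl)` (already imported in this hunk) avoids that. Note also that the authenticated-user upgrade only fires after the browser has already sent the session cookie over HTTP, and that outside DEBUG a POST to an HTTP URL is redirected after its body has travelled in clear.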
@@ -39,7 +39,7 @@ urlpatterns = patterns('hyperkitty.views', url(r'^$', 'pages.index', name='root'), # Account - url(r'^accounts/login/$', login_view, {'template_name': 'login.html'}, name='user_login'), + url(r'^accounts/login/$', login_view, {'template_name': 'login.html', 'SSL': True}, name='user_login'), url(r'^accounts/logout/$', logout_view, {'next_page': '/'}, name='user_logout'), url(r'^accounts/profile/$', 'accounts.user_profile', name='user_profile'), url(r'^accounts/register/$', 'accounts.user_registration', name='user_registration'), |
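Review bot: Only the login URL gets `'SSL': True`; `accounts/register/` in the same block presumably also collects a password, yet anonymous requests for it stay on plain HTTP, and the new middleware would redirect an HTTPS request for it back to HTTP. Suggest marking it the same way: `url(r'^accounts/register/$', 'accounts.user_registration', {'SSL': True}, name='user_registration'),`. The extra kwarg is removed only by `SSLRedirect.process_view`, so if that middleware is not enabled in settings (not shown in this diff) `login_view` will receive an unexpected `SSL` argument; a comment next to the URL entry such as `# 'SSL' is consumed by hyperkitty.middleware.SSLRedirect` would document the coupling.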