geonode.security.middleware

Attributes

login_url

login_url

white_list_paths

white_list

Classes

LoginRequiredMiddleware

Requires a user to be logged in to access any page that is not white-listed.

LoginFromApiKeyMiddleware

SessionControlMiddleware

Middleware that checks if session variables have been correctly set.

AdminAllowedMiddleware

Middleware that checks if admin is making requests from allowed IPs.

Module Contents

geonode.security.middleware.login_url[source]
geonode.security.middleware.login_url[source]
geonode.security.middleware.white_list_paths[source]
geonode.security.middleware.white_list[source]
class geonode.security.middleware.LoginRequiredMiddleware(get_response)[source]

Bases: django.utils.deprecation.MiddlewareMixin

Requires a user to be logged in to access any page that is not white-listed.

This middleware simply checks user property of a request, to determine whether the query is authenticated or not, but since DRF assumes correlation between session authentication and presence of user property in the request, an additional check was introduced in the middleware, to allow Basic authenticated requests without additional middleware setting this property (otherwise, all DRF views configured with: authentication_classes = [SessionAuthentication,] would accept Basic authenticated requests (regardless of presence of BasicAuthentication in view’s authentication_classes).

redirect_to[source]
get_response[source]
process_request(request)[source]
class geonode.security.middleware.LoginFromApiKeyMiddleware(get_response)[source]

Bases: django.utils.deprecation.MiddlewareMixin

get_response[source]
process_request(request)[source]

If an api key is provided and validated, the user can access to the page even without the login This middleware is deactivated by default, to activate it set ENABLE_APIKEY_LOGIN=True

class geonode.security.middleware.SessionControlMiddleware(get_response)[source]

Bases: django.utils.deprecation.MiddlewareMixin

Middleware that checks if session variables have been correctly set.

redirect_to[source]
get_response[source]
process_request(request)[source]
do_logout(request)[source]
class geonode.security.middleware.AdminAllowedMiddleware(get_response)[source]

Bases: django.utils.deprecation.MiddlewareMixin

Middleware that checks if admin is making requests from allowed IPs.

get_response[source]
process_request(request)[source]