from time import time import re from django.conf import settings from django.http import HttpResponseRedirect from django.shortcuts import resolve_url from django.dispatch import receiver from django.utils.deprecation import MiddlewareMixin from django.contrib.auth import logout from django.contrib.auth.views import redirect_to_login from django.contrib.auth.signals import user_logged_in from . import signals LOGIN_TIME_SESSION_KEY = 'hoover.contrib.twofactor.login_time' @receiver(user_logged_in) def on_login_success(sender, request, **kwargs): request.session[LOGIN_TIME_SESSION_KEY] = time() class AutoLogout(MiddlewareMixin): def process_request(self, request): if not settings.HOOVER_TWOFACTOR_AUTOLOGOUT: return user = request.user if user.is_authenticated: login_time = request.session.get(LOGIN_TIME_SESSION_KEY) or 0 if time() - login_time > settings.HOOVER_TWOFACTOR_AUTOLOGOUT: signals.auto_logout.send(AutoLogout, username=user.get_username()) logout(request) login = "{}?next={}".format(settings.LOGIN_URL, request.path) return HttpResponseRedirect(login) class RequireAuth(MiddlewareMixin): def process_request(self, request): WHITELIST = [ r'^/accounts/', r'^/invitation/', r'^/static/', r'^/_ping$', r'^/_is_staff$', ] for pattern in WHITELIST: if re.match(pattern, request.path): return user = request.user if user.is_verified(): return resolved_login_url = resolve_url(settings.LOGIN_URL) return redirect_to_login(request.path, resolved_login_url, 'next')