Hopiu/django-tos
1
0
Fork 0
mirror of https://github.com/Hopiu/django-tos.git synced 2026-03-16 20:10:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
django-tos/tos/middleware.py
blag 766771ab0f
Properly initialize middleware
2021-12-20 02:20:11 -08:00

84 lines
3.1 KiB
Python
Raw Blame History

from django.conf import settings
from django.contrib.auth import SESSION_KEY as session_key
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.core.cache import caches
from django.http import HttpResponseRedirect
from django.urls import reverse
from django.utils.cache import add_never_cache_headers
from django.utils.deprecation import MiddlewareMixin
from .models import UserAgreement
cache = caches[getattr(settings, 'TOS_CACHE_NAME', 'default')]
tos_check_url = reverse('tos_check_tos')
class UserAgreementMiddleware(MiddlewareMixin):
"""
Some middleware to check if users have agreed to the latest TOS
"""
def __init__(self, get_response=None):
self.get_response = get_response
def process_request(self, request):
# Don't get in the way of any mutating requests
if request.method != 'GET':
return None
# Ignore ajax requests
if request.META.get('HTTP_X_REQUESTED_WITH') == 'XMLHttpRequest':
return None
# Don't redirect users when they're trying to get to the confirm page
if request.path_info == tos_check_url:
return None
# If the user doesn't have a user ID, ignore them - they're anonymous
if not request.session.get(session_key, None):
return None
# Grab the user ID from the session so we avoid hitting the database
# for the user object.
# NOTE: We use the user ID because it's not user-settable and it won't
# ever change (usernames and email addresses can change)
user_id = request.session['_auth_user_id']
user_auth_backend = request.session['_auth_user_backend']
# Get the cache prefix
key_version = cache.get('django:tos:key_version')
# Skip if the user is allowed to skip - for instance, if the user is an
# admin or a staff member
if cache.get('django:tos:skip_tos_check:{0}'.format(str(user_id)), False, version=key_version):
return None
# Ping the cache for the user agreement
user_agreed = cache.get('django:tos:agreed:{0}'.format(str(user_id)), None, version=key_version)
# If the cache is missing this user
if user_agreed is None:
# Grab the data from the database
user_agreed = UserAgreement.objects.filter(
user__id=user_id,
terms_of_service__active=True).exists()
# Set the value in the cache
cache.set('django:tos:agreed:{0}'.format(user_id), user_agreed, version=key_version)
if not user_agreed:
# Confirm view uses these session keys. Non-middleware flow sets them in login view,
# so we need to set them here.
request.session['tos_user'] = user_id
request.session['tos_backend'] = user_auth_backend
response = HttpResponseRedirect('{0}?{1}={2}'.format(
tos_check_url,
REDIRECT_FIELD_NAME,
request.path_info,
))
add_never_cache_headers(response)
return response
return None
Reference in a new issue View git blame Copy permalink