I am launching the Pinax site for collaborative purposes. I added "account.middleware.AuthenticatedMiddleware" to "MIDDLEWARE_CLASSES" to prevent anonymous access to anything on the site.
But now I need public APIs to be included. Are there any solutions besides adding a "login_required" -decorator to all kinds that should still be private?
change
Gregor Mullegger’s answer does not work. settings.AUTHENTICATED_EXEMPT_URLS seems to be overwritten somewhere in the code
class AuthenticatedMiddleware(object):
def __init__(self, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
if login_url is None:
login_url = settings.LOGIN_URL
self.redirect_field_name = redirect_field_name
self.login_url = login_url
self.exemptions = [
r"^%s" % settings.MEDIA_URL,
r"^%s" % settings.STATIC_URL,
r"^%s$" % login_url,
]
print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS
if ( settings.AUTHENTICATED_EXEMPT_URLS):
self.exemptions += settings.AUTHENTICATED_EXEMPT_URLS
print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS
does not print my settings, but this:
settings.AUTHENTICATED_EXEMPT_URLS ['^/account/signup/$', '^/account/password_reset', '^/account/confirm_email', '^/openid']
I will try to fix it.
source
share