annotate gpp/core/middleware.py @ 322:c3d3d7114749

Fix #148; Django now requires AJAX posts to present the CSRF token. Added code suggested by Django docs to shoutbox.js. Since shoutbox.js is on every page, it should cover all cases.
author Brian Neal <bgneal@gmail.com>
date Sat, 12 Feb 2011 21:37:17 +0000
parents a2d388ed106e
children e9a066db3f54
rev   line source
bgneal@215 1 """Common middleware for the entire project."""
bgneal@227 2 import datetime
bgneal@227 3
bgneal@215 4 from django.contrib.auth import logout
bgneal@227 5 from django.conf import settings
bgneal@227 6
bgneal@227 7 from core.models import UserLastVisit
bgneal@227 8 from core.models import AnonLastVisit
bgneal@227 9 from core.functions import get_ip
bgneal@227 10
bgneal@215 11
class InactiveUserMiddleware(object):
    """
    Logs out any authenticated user whose account has is_active set to False.

    Deactivating an account does not by itself invalidate sessions that
    were created while the account was still active. This middleware closes
    that gap by calling django.contrib.auth.logout() for such users before
    the view runs, so their session is destroyed and they are treated as
    logged out.

    It must be listed after
    'django.contrib.auth.middleware.AuthenticationMiddleware' in settings.py,
    because it reads request.user. The attribute is read without a hasattr()
    guard, so a missing authentication middleware raises an AttributeError
    instead of silently skipping the check.

    Idea taken from: http://djangosnippets.org/snippets/1105/
    """

    def process_view(self, request, view_func, view_args, view_kwargs):
        """
        Log the user out if they are authenticated but inactive.

        Always returns None, so view processing continues normally; the
        view arguments are not inspected.
        """
        user = request.user
        if not user.is_authenticated():
            # Anonymous visitors have no session to revoke.
            return None
        if user.is_active:
            return None

        # Authenticated but deactivated: drop the session before the view runs.
        logout(request)
        return None
bgneal@215 24
bgneal@227 25
# Name of the marker cookie that WhosOnline sets after recording a visit.
# While a client keeps returning it, no further "last visit" write is made.
ONLINE_COOKIE = 'sg101_online'

# Lifetime of the marker cookie in seconds (ten minutes); passed as max_age.
ONLINE_TIMEOUT = 60 * 10
bgneal@227 28
class WhosOnline(object):
    """
    Tracks which registered users have been seen recently and how many
    distinct unregistered visitors there are.

    Registered users are recorded in UserLastVisit keyed by user;
    unregistered visitors are recorded in AnonLastVisit keyed by the address
    returned by get_ip().

    This middleware should come after the authentication middleware, since
    it relies on the user attribute being attached to the request.

    The ONLINE_COOKIE marker only reduces how often a well-behaved browser
    causes a database write. It is supplied by the client and only its
    presence is checked, so it is not a rate limit: a client that never
    returns it causes one write per tracked request.
    """

    def process_response(self, request, response):
        """
        Record the visit (at most once per cookie lifetime) and return the
        response, adding the marker cookie when a visit was recorded.
        """
        # Some requests never reach the auth middleware (for example, they
        # were redirected earlier in the middleware chain) and so carry no
        # user attribute. Those, and AJAX requests, are not tracked.
        if not hasattr(request, 'user') or request.is_ajax():
            return response

        if request.user.is_authenticated():
            if request.COOKIES.get(ONLINE_COOKIE) is not None:
                # Seen within the cookie lifetime; nothing to update.
                return response

            member = request.user
            # NOTE(review): fetch-then-save is not atomic, so two concurrent
            # first requests could both take the DoesNotExist path. What
            # happens then depends on the model's constraints, which are
            # not visible here -- confirm.
            try:
                visit = UserLastVisit.objects.get(user=member)
            except UserLastVisit.DoesNotExist:
                visit = UserLastVisit(user=member)

            visit.last_visit = datetime.datetime.now()
            visit.save()

            # Suppress further updates for roughly the next ten minutes.
            response.set_cookie(ONLINE_COOKIE, '1', max_age=ONLINE_TIMEOUT)
            return response

        # Unregistered visitor. A CSRF cookie on the request is taken as a
        # sign that the client accepts cookies and can therefore be
        # throttled with the marker cookie; only its presence is checked.
        if request.COOKIES.get(settings.CSRF_COOKIE_NAME) is None:
            return response
        if request.COOKIES.get(ONLINE_COOKIE) is not None:
            return response

        # NOTE(review): how get_ip() derives the address is not visible
        # here. If it reads proxy headers, confirm they are only accepted
        # from a trusted proxy; otherwise the anonymous visitor count is
        # controlled by the caller.
        ip = get_ip(request)
        if not ip:
            return response

        try:
            visit = AnonLastVisit.objects.get(ip=ip)
        except AnonLastVisit.DoesNotExist:
            visit = AnonLastVisit(ip=ip)

        visit.last_visit = datetime.datetime.now()
        visit.save()

        # NOTE(review): the annotated listing lost its indentation. The
        # cookie is assumed to be set only when an address was recorded,
        # mirroring the registered-user branch -- confirm against the file.
        response.set_cookie(ONLINE_COOKIE, '1', max_age=ONLINE_TIMEOUT)
        return response