Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Change to allow exclusion of sub-folders from auth #1

Merged
merged 1 commit into from

2 participants

@willcritchlow

Hi,

I've never done this before - I hope I don't break any etiquette - please let me know if I'm doing it wrong.

I made a change that we needed to enable a sub-folder of AUTH_PROTECTED_AREAS to be excluded from protection (we needed this so that we could have '/' protected, but still have /api publicly accessible).

I hope it makes sense and you might be able to make use of it. Give me a shout if you have any questions. I tried to copy your coding style - I'm not an experienced Python developer so again - let me know if it's wrong.

Many thanks
Will

@mdornseif mdornseif merged commit ca5dc52 into hudora:master
@mdornseif
Owner

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 13 additions and 0 deletions.
  1. +5 −0 README.rst
  2. +8 −0 googleappsauth/middleware.py
View
5 README.rst
@@ -54,6 +54,11 @@ In addition you can set `AUTH_PROTECTED_AREAS` to authenticate only access to ce
::
AUTH_PROTECTED_AREAS = ['/admin']
+
+If you wish, you can add `AUTH_EXCLUDED_AREAS` to remove authentication from sub-folders of your protected areas, e.g.
+::
+
+ AUTH_EXCLUDED_AREAS = ['/admin/public']
Download
========
View
8 googleappsauth/middleware.py
@@ -34,6 +34,14 @@ def process_request(self, request):
if len(matches) == 0:
return
+ # Don't force authentication for excluded areas - allow sub-folders without auth
+ excludes = getattr(settings, 'AUTH_EXCLUDED_AREAS', [])
+ if hasattr(excludes, 'split'):
+ excludes = excludes.split('+')
+ exclude_matches = [exclude for exclude in excludes if path.startswith(exclude)]
+ if len(exclude_matches) != 0:
+ return
+
# Dont force authentication for the callback URL since it would
# result in a loop
callback_url = request.build_absolute_uri(reverse(googleappsauth.views.callback))
Something went wrong with that request. Please try again.