Merge master into python-deps

# Conflicts: # PyRIGS/settings.py # RIGS/admin.py # RIGS/models.py # RIGS/test_functional.py # RIGS/urls.py # requirements.txt # wercker.yml
2026-01-17 13:32:15 +00:00 · 2017-05-10 17:27:52 +01:00
parent 8cfda69717 9b7c84cf08
commit 7ac9eef7a2
52 changed files with 3222 additions and 422 deletions
--- a/PyRIGS/decorators.py
+++ b/PyRIGS/decorators.py
@@ -2,23 +2,37 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.http import HttpResponseRedirect
+from django.core.urlresolvers import reverse

-def user_passes_test_with_403(test_func, login_url=None):
+from RIGS import models
+
+
+def user_passes_test_with_403(test_func, login_url=None, oembed_view=None):
    """
    Decorator for views that checks that the user passes the given test.
-    
    Anonymous users will be redirected to login_url, while users that fail
    the test will be given a 403 error.
+    If embed_view is set, then a JS redirect will be used, and a application/json+oembed
+    meta tag set with the url of oembed_view
+    (oembed_view will be passed the kwargs from the main function)
    """
    if not login_url:
        from django.conf import settings
        login_url = settings.LOGIN_URL
+
    def _dec(view_func):
        def _checklogin(request, *args, **kwargs):
            if test_func(request.user):
                return view_func(request, *args, **kwargs)
            elif not request.user.is_authenticated():
-                return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, request.get_full_path()))
+                if oembed_view is not None:
+                    extra_context = {}
+                    extra_context['oembed_url'] = "{0}://{1}{2}".format(request.scheme, request.META['HTTP_HOST'], reverse(oembed_view, kwargs=kwargs))
+                    extra_context['login_url'] = "{0}?{1}={2}".format(login_url, REDIRECT_FIELD_NAME, request.get_full_path())
+                    resp = render_to_response('login_redirect.html', extra_context, context_instance=RequestContext(request))
+                    return resp
+                else:
+                    return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, request.get_full_path()))
            else:
                resp = render_to_response('403.html', context_instance=RequestContext(request))
                resp.status_code = 403
@@ -28,14 +42,14 @@ def user_passes_test_with_403(test_func, login_url=None):
        return _checklogin
    return _dec

-def permission_required_with_403(perm, login_url=None):
+
+def permission_required_with_403(perm, login_url=None, oembed_view=None):
    """
    Decorator for views that checks whether a user has a particular permission
    enabled, redirecting to the log-in page or rendering a 403 as necessary.
    """
-    return user_passes_test_with_403(lambda u: u.has_perm(perm), login_url=login_url)
+    return user_passes_test_with_403(lambda u: u.has_perm(perm), login_url=login_url, oembed_view=oembed_view)

-from RIGS import models

 def api_key_required(function):
    """
@@ -58,10 +72,10 @@ def api_key_required(function):

        try:
            user_object = models.Profile.objects.get(pk=userid)
-        except Profile.DoesNotExist:
+        except models.Profile.DoesNotExist:
            return error_resp

        if user_object.api_key != key:
            return error_resp
        return function(request, *args, **kwargs)
-    return wrap
+    return wrap
--- a/PyRIGS/settings.py
+++ b/PyRIGS/settings.py
@@ -13,8 +13,6 @@ import os

 BASE_DIR = os.path.dirname(os.path.dirname(__file__))

-SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
-
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/

@@ -25,8 +23,20 @@ SECRET_KEY = os.environ.get('SECRET_KEY') if os.environ.get(
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = bool(int(os.environ.get('DEBUG'))) if os.environ.get('DEBUG') else True

+
+STAGING = bool(int(os.environ.get('STAGING'))) if os.environ.get('STAGING') else False
+
+TEMPLATE_DEBUG = True
+
 ALLOWED_HOSTS = ['pyrigs.nottinghamtec.co.uk', 'rigs.nottinghamtec.co.uk', 'pyrigs.herokuapp.com']

+if STAGING:
+    ALLOWED_HOSTS.append('.herokuapp.com')
+
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+if not DEBUG:
+    SECURE_SSL_REDIRECT = True # Redirect all http requests to https
+
 INTERNAL_IPS = ['127.0.0.1']

 ADMINS = (
@@ -54,6 +64,7 @@ INSTALLED_APPS = (

 MIDDLEWARE_CLASSES = (
    'raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware',
+    'django.middleware.security.SecurityMiddleware',
    'reversion.middleware.RevisionMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',