|
1 | 1 | """Terms and Conditions Middleware""" |
2 | | - |
3 | 2 | # ref: https://github.com/cyface/django-termsandconditions/blob/main/termsandconditions/middleware.py |
4 | 3 | import logging |
5 | 4 |
|
6 | 5 | from django.conf import settings |
7 | 6 | from django.http import HttpResponseRedirect |
8 | 7 | from django.urls import reverse |
9 | | -from django.utils.deprecation import MiddlewareMixin |
10 | 8 |
|
11 | 9 | from .utils import user_has_accepted_terms |
12 | 10 |
|
13 | 11 | LOGGER = logging.getLogger(__name__) |
14 | 12 |
|
15 | | - |
16 | 13 | ACCEPT_TERMS_PATH = getattr(settings, "ACCEPT_TERMS_PATH", reverse("terms_of_use_update")) |
17 | 14 | TERMS_EXCLUDE_URL_PREFIX_LIST = getattr( |
18 | 15 | settings, |
19 | 16 | "TERMS_EXCLUDE_URL_PREFIX_LIST", |
20 | | - {"/admin", "/i18n", "/static", "/account"}, |
21 | | -) |
22 | | -TERMS_EXCLUDE_URL_CONTAINS_LIST = getattr( |
23 | | - settings, "TERMS_EXCLUDE_URL_CONTAINS_LIST", {} |
| 17 | + ["/admin", "/i18n", "/static", "/account"], |
24 | 18 | ) |
| 19 | +TERMS_EXCLUDE_URL_CONTAINS_LIST = getattr(settings, "TERMS_EXCLUDE_URL_CONTAINS_LIST", []) |
25 | 20 | TERMS_EXCLUDE_URL_LIST = getattr( |
26 | 21 | settings, |
27 | 22 | "TERMS_EXCLUDE_URL_LIST", |
28 | | - {"/", settings.LOGOUT_URL}, |
| 23 | + ["/", settings.LOGOUT_URL], |
29 | 24 | ) |
30 | 25 |
|
31 | 26 |
|
32 | | -class TermsAndConditionsRedirectMiddleware(MiddlewareMixin): |
33 | | - |
34 | | - def process_request(self, request): |
35 | | - """Process each request to app to ensure terms have been accepted""" |
36 | | - |
37 | | - if not settings.ACCOUNT_TERMS_OF_USE: |
38 | | - return None # If terms are not enabled, consider them accepted. |
39 | | - |
40 | | - current_path = request.META["PATH_INFO"] |
| 27 | +class TermsAndConditionsRedirectMiddleware: |
| 28 | + """Middleware to ensure terms and conditions have been accepted.""" |
41 | 29 |
|
42 | | - if request.user.is_authenticated and is_path_protected(current_path): |
43 | | - if not user_has_accepted_terms(request.user, request.session): |
44 | | - # Redirect to update consent page if consent is missing |
45 | | - return HttpResponseRedirect(reverse("terms_of_use_update")) |
| 30 | + def __init__(self, get_response): |
| 31 | + self.get_response = get_response |
46 | 32 |
|
47 | | - return None |
| 33 | + def __call__(self, request): |
| 34 | + # Skip processing if ACCOUNT_TERMS_OF_USE is disabled |
| 35 | + if not getattr(settings, "ACCOUNT_TERMS_OF_USE", False): |
| 36 | + return self.get_response(request) |
48 | 37 |
|
| 38 | + # check if the current path is protected |
| 39 | + if ( |
| 40 | + request.user.is_authenticated |
| 41 | + and self.is_path_protected(request.path) |
| 42 | + and not user_has_accepted_terms(request.user, request.session) |
| 43 | + ): |
| 44 | + return HttpResponseRedirect(ACCEPT_TERMS_PATH) |
49 | 45 |
|
50 | | -def is_path_protected(path): |
51 | | - """ |
52 | | - returns True if given path is to be protected, otherwise False |
| 46 | + # Proceed with the response for non-protected paths or accepted terms |
| 47 | + return self.get_response(request) |
53 | 48 |
|
54 | | - The path is not to be protected when it appears on: |
55 | | - TERMS_EXCLUDE_URL_PREFIX_LIST, TERMS_EXCLUDE_URL_LIST, TERMS_EXCLUDE_URL_CONTAINS_LIST or as |
56 | | - ACCEPT_TERMS_PATH |
57 | | - """ |
58 | | - protected = True |
| 49 | + @staticmethod |
| 50 | + def is_path_protected(path): |
| 51 | + """ |
| 52 | + Determine if a given path is protected by the middleware. |
59 | 53 |
|
60 | | - for exclude_path in TERMS_EXCLUDE_URL_PREFIX_LIST: |
61 | | - if path.startswith(exclude_path): |
62 | | - protected = False |
| 54 | + Paths are excluded if they match any of the following: |
| 55 | + - Start with a prefix in TERMS_EXCLUDE_URL_PREFIX_LIST |
| 56 | + - Contain a substring in TERMS_EXCLUDE_URL_CONTAINS_LIST |
| 57 | + - Are explicitly listed in TERMS_EXCLUDE_URL_LIST |
| 58 | + - Start with the ACCEPT_TERMS_PATH |
| 59 | + """ |
| 60 | + if any(path.startswith(prefix) for prefix in TERMS_EXCLUDE_URL_PREFIX_LIST): |
| 61 | + return False |
63 | 62 |
|
64 | | - for contains_path in TERMS_EXCLUDE_URL_CONTAINS_LIST: |
65 | | - if contains_path in path: |
66 | | - protected = False |
| 63 | + if any(substring in path for substring in TERMS_EXCLUDE_URL_CONTAINS_LIST): |
| 64 | + return False |
67 | 65 |
|
68 | | - if path in TERMS_EXCLUDE_URL_LIST: |
69 | | - protected = False |
| 66 | + if path in TERMS_EXCLUDE_URL_LIST: |
| 67 | + return False |
70 | 68 |
|
71 | | - if path.startswith(ACCEPT_TERMS_PATH): |
72 | | - protected = False |
| 69 | + if path.startswith(ACCEPT_TERMS_PATH): |
| 70 | + return False |
73 | 71 |
|
74 | | - return protected |
| 72 | + return True |
0 commit comments