karmaworld/utils/SSLRedirect.py

   1 __license__ = "Python"
   2 __copyright__ = "Copyright (C) 2007, Stephen Zabel"
   3 __author__ = "Stephen Zabel - sjzabel@gmail.com"
   4 __contributors__ = "Jay Parlar - parlar@gmail.com"
   5
   6 from django.conf import settings
   7 from django.http import HttpResponsePermanentRedirect
   8 from django.contrib.sites.models import get_current_site
   9
  10 SSL = 'SSL'
  11
  12
  13 class SSLRedirect(object):
  14
  15     def process_view(self, request, view_func, view_args, view_kwargs):
  16         # Does connection require security?
  17         if SSL in view_kwargs:
  18             secure = view_kwargs[SSL]
  19             del view_kwargs[SSL]
  20         else:
  21             secure = False
  22
  23         if request.user.is_authenticated():
  24             secure = True
  25
  26         # If connection is not secured but requires security, then redirect
  27         if not self._is_secure(request) and secure:
  28             return self._redirect(request, secure)
  29
  30     def _is_secure(self, request):
  31         if request.is_secure():
  32             return True
  33
  34         #Handle the Webfaction case until this gets resolved in the request.is_secure()
  35         if 'HTTP_X_FORWARDED_SSL' in request.META:
  36             return request.META['HTTP_X_FORWARDED_SSL'] == 'on'
  37
  38         return False
  39
  40     def _redirect(self, request, secure):
  41         protocol = secure and "https://" or "http://"
  42         newurl = "%s%s%s" % (protocol, get_current_site(request).domain, request.get_full_path())
  43         if settings.DEBUG and request.method == 'POST':
  44             raise RuntimeError, \
  45         """Django can't perform a SSL redirect while maintaining POST data.
  46            Please structure your views so that redirects only occur during GETs."""
  47
  48         return HttpResponsePermanentRedirect(newurl)
  49