Redirect authenticated users to HTTPS pages
authorCharles Connell <charles@connells.org>
Mon, 3 Feb 2014 20:27:14 +0000 (15:27 -0500)
committerCharles Connell <charles@connells.org>
Mon, 3 Feb 2014 20:27:14 +0000 (15:27 -0500)
.gitignore
karmaworld/settings/common.py
karmaworld/settings/prod.py
karmaworld/utils/SSLRedirect.py [new file with mode: 0644]

index 0ff8afa403e8e5385f5bd75a6a1dfac8e62cfe96..f227ced5c05ec91cb57b4c6b6210654e50ea92b0 100644 (file)
@@ -63,4 +63,9 @@ karmaworld/secret/*
 .tags
 
 ## USDE accreditation school CSV
-confs/accreditation.csv
\ No newline at end of file
+confs/accreditation.csv
+
+# Local SSL testing
+runserver_ssl
+stunnel
+
index dbf8be13f1006846851382c1aa341f1f300c45e5..6a47f084ebc5196894c08ad0719992f9dbba82b1 100644 (file)
@@ -274,6 +274,7 @@ SOCIALACCOUNT_QUERY_EMAIL = True
 SOCIALACCOUNT_AUTO_SIGNUP = False
 ACCOUNT_USER_DISPLAY = 'karmaworld.apps.users.models.user_display_name'
 ACCOUNT_SIGNUP_FORM_CLASS = 'karmaworld.apps.users.forms.SignupForm'
+ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'
 
 AUTH_PROFILE_MODULE = 'users.UserProfile'
 
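Review bot: `ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'` lands in the shared settings while the redirecting middleware is only added in prod.py, so the absolute URLs allauth builds from this setting (confirmation and reset links, presumably) will be https in every environment, including a local runserver without TLS. If that is intended for local testing with the stunnel setup the .gitignore hunk hints at, a one-line comment saying so would help, e.g. `# allauth builds absolute links with https; local testing needs the runserver_ssl/stunnel wrapper`; otherwise the setting belongs next to the middleware in prod.py.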
index f80463a4eebdcceb794bf1592a5fd8bac9db134d..4231ce28e2a53bb6662650008568aee4f2eed050 100644 (file)
@@ -141,6 +141,13 @@ AWS_HEADERS = {
 STATIC_URL = S3_URL
 ########## END STORAGE CONFIGURATION
 
+########## MIDDLEWARE CONFIGURATION
+# See: https://docs.djangoproject.com/en/dev/ref/settings/#middleware-classes
+MIDDLEWARE_CLASSES += (
+    # Use SSL when user is authenticated
+    'karmaworld.utils.SSLRedirect.SSLRedirect',
+)
+########## END MIDDLEWARE CONFIGURATION
 
 ########## COMPRESSION CONFIGURATION
 # See: http://django_compressor.readthedocs.org/en/latest/settings/#django.conf.settings.COMPRESS_OFFLINE
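Review bot: The comment above the new middleware entry under-describes what `SSLRedirect` does: it also redirects requests that are not authenticated (and whose view did not pass `SSL=True`) from HTTPS back to plain HTTP, and it reads `request.user` in `process_view`, so it must stay after `AuthenticationMiddleware` in `MIDDLEWARE_CLASSES`. Appending with `+=` satisfies that ordering only if the base tuple in common.py already contains the auth middleware, which is outside this hunk. I'd replace the comment with `# Force HTTPS for authenticated users (and views with SSL=True); other requests are sent back to plain HTTP. Must run after AuthenticationMiddleware.`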
diff --git a/karmaworld/utils/SSLRedirect.py b/karmaworld/utils/SSLRedirect.py
new file mode 100644 (file)
index 0000000..28cba2b
--- /dev/null
@@ -0,0 +1,47 @@
+__license__ = "Python"
+__copyright__ = "Copyright (C) 2007, Stephen Zabel"
+__author__ = "Stephen Zabel - sjzabel@gmail.com"
+__contributors__ = "Jay Parlar - parlar@gmail.com"
+
+from django.conf import settings
+from django.http import HttpResponsePermanentRedirect
+from django.contrib.sites.models import get_current_site
+
+SSL = 'SSL'
+
+
+class SSLRedirect(object):
+
+    def process_view(self, request, view_func, view_args, view_kwargs):
+        if SSL in view_kwargs:
+            secure = view_kwargs[SSL]
+            del view_kwargs[SSL]
+        else:
+            secure = False
+
+        if request.user.is_authenticated():
+            secure = True
+
+        if not secure == self._is_secure(request):
+            return self._redirect(request, secure)
+
+    def _is_secure(self, request):
+        if request.is_secure():
+            return True
+
+        #Handle the Webfaction case until this gets resolved in the request.is_secure()
+        if 'HTTP_X_FORWARDED_SSL' in request.META:
+            return request.META['HTTP_X_FORWARDED_SSL'] == 'on'
+
+        return False
+
+    def _redirect(self, request, secure):
+        protocol = secure and "https://" or "http://"
+        newurl = "%s%s%s" % (protocol, get_current_site(request).domain, request.get_full_path())
+        if settings.DEBUG and request.method == 'POST':
+            raise RuntimeError, \
+        """Django can't perform a SSL redirect while maintaining POST data.
+           Please structure your views so that redirects only occur during GETs."""
+
+        return HttpResponsePermanentRedirect(newurl)
+
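Review bot: `_is_secure` trusts `HTTP_X_FORWARDED_SSL` from whoever sent the request, so a plain-HTTP request that carries its own `X-Forwarded-SSL: on` header is treated as already secure and the authenticated user is never moved to HTTPS; that header should only be honoured when the front proxy is known to set it and strip client-supplied copies, which is what Django's `SECURE_PROXY_SSL_HEADER` setting does for `request.is_secure()`, after which the manual check in `_is_secure` can be dropped. A second point is the 301 in `_redirect`: the direction of the redirect depends on login state, but browsers cache permanent redirects, so a cached http→https answer from a logged-in visit and a cached https→http answer after logout can leave the client bouncing between the two; `return HttpResponseRedirect(newurl)` (302, imported from `django.http`) fits a state-dependent decision. Note also that the downgrade branch sends every unauthenticated request, presumably including the login form unless its URL pattern passes `SSL=True`, back to plain HTTP, so credentials travel in clear unless each such view is marked; a class docstring stating both directions of the redirect and the `SSL` kwarg contract would make that expectation visible to whoever wires the URL patterns.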