• Members 4 posts
    Aug. 12, 2019, 6:51 a.m.

    How to apply authentication everywhere (include views and apis)? i tried to do it in UserMiddleware with return HttpResponseRedirect(reverse("misago:login")) but i got "TOO MANY REDIRECTS" error and i think this is not a good place.

    For example if user go to index page, we redirect him to login, and for the others we raise PermissionDenied exception.

    How should i implement it?

  • arrow_forward

    Thread has been moved from Web Design and Development.

  • Aug. 12, 2019, 2:47 p.m.

    Marked as best answer by Aug. 13, 2019, 8:24 a.m..

    There is no proper login page in Misago - only the login modal. misago:login view is a fake view - it takes user credentials but does nothing with them (but makes sure they won't leak in case of an error). It also redirects user back to page they came from.

    To create mandatory auth on your Misago site, you will have to implement custom Django view for login (use this code for inspiration). You will then have to create a middleware redirecting the user to this view if they are not authenticated.

    Lastly, your middleware can't return redirect always - you need to check if request.path is not already pointing to the login view, so you don't cause redirect loop.

  • Members 4 posts
    Aug. 13, 2019, 8:24 a.m.

    Work like a charm. thanks. I have already implement misago:login page in misago/urls. It's working with checking request.path as you said.

  • Members 4 posts
    Aug. 13, 2019, 8:26 a.m.

    I've subscribed this thread with email. Why it doesn't send email for me after you replied?

  • Aug. 13, 2019, 11:08 a.m.

    I would have to check the code to be sure but AFAIR moving the thread to new category will clear subscriptions.

  • Members 4 posts
    Aug. 13, 2019, 3:08 p.m.

    This post has sent mail to me. may it because of email providers?