Python LoginRequiredMiddleware不适用于未经身份验证的用户
我正在尝试使用LoginRequiredMiddleware为经过身份验证和未经身份验证的用户自动访问链接。代码不起作用,因为未经身份验证的用户仍然可以打开他们不应该打开的其他URL。请参阅下面我的代码并提出建议。谢谢 url.pyPython LoginRequiredMiddleware不适用于未经身份验证的用户,python,django,Python,Django,我正在尝试使用LoginRequiredMiddleware为经过身份验证和未经身份验证的用户自动访问链接。代码不起作用,因为未经身份验证的用户仍然可以打开他们不应该打开的其他URL。请参阅下面我的代码并提出建议。谢谢 url.py from django.urls import path from . import views from django.contrib.auth.views import ( LoginView, LogoutView, PasswordRes
from django.urls import path
from . import views
from django.contrib.auth.views import (
LoginView, LogoutView,
PasswordResetView, PasswordResetDoneView,
PasswordResetConfirmView,
PasswordResetCompleteView
)
urlpatterns = [
path('', views.home, name = 'home'),
path('column/', views.column),
path('login/', LoginView.as_view(template_name='accounts/login.html'), name = 'login'),
path('logout/', LogoutView.as_view(template_name='accounts/logout.html'), name = 'logout'),
path('register/', views.register, name = 'register'),
path('profile/', views.view_profile, name = 'view_profile'),
path('profile/edit/', views.edit_profile, name = 'edit_profile'),
path('change_password/', views.change_password, name = 'change_password'),
path('reset-password/', PasswordResetView.as_view(template_name='accounts/reset_password.html'), name = 'password_reset'),
path('reset-password/done', PasswordResetDoneView.as_view(), name = 'password_reset_done'),
path('reset-password/confirm/(?P<uidb64>[0-9A-Za-z]+)-(?P<token>.+)/$', PasswordResetConfirmView.as_view(), name = 'password_reset_confirm'),
path('reset-password/complete/$', PasswordResetCompleteView.as_view(), name='password_reset_complete'),
]
STATIC_URL = '/static/'
LOGIN_REDIRECT_URL = 'home'
LOGIN_URL = 'login'
LOGIN_EXEMPT_URLS = (
'logout',
'register',
)
import re
from django.conf import settings
from django.urls import reverse
from django.shortcuts import redirect
from django.contrib.auth import logout
EXEMPT_URLS = [settings.LOGIN_URL.lstrip('/')]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
EXEMPT_URLS += [url for url in settings.LOGIN_EXEMPT_URLS]
class LoginRequiredMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
return response
def process_view(self, request, view_func, view_args, view_kwargs):
assert hasattr(request, 'user')
if request.user.is_authenticated is False:
if view_func.__name__ in EXEMPT_URLS is False:
return redirect(settings.LOGIN_URL)
else:
return None
from django.urls import path
from . import views
from django.contrib.auth.views import (
LoginView, LogoutView,
PasswordResetView, PasswordResetDoneView,
PasswordResetConfirmView,
PasswordResetCompleteView
)
urlpatterns = [
path('', views.home, name = 'home'),
path('column/', views.column),
path('login/', LoginView.as_view(template_name='accounts/login.html'), name = 'login'),
path('logout/', LogoutView.as_view(template_name='accounts/logout.html'), name = 'logout'),
path('register/', views.register, name = 'register'),
path('profile/', views.view_profile, name = 'view_profile'),
path('profile/edit/', views.edit_profile, name = 'edit_profile'),
path('change_password/', views.change_password, name = 'change_password'),
path('reset-password/', PasswordResetView.as_view(template_name='accounts/reset_password.html'), name = 'password_reset'),
path('reset-password/done', PasswordResetDoneView.as_view(), name = 'password_reset_done'),
path('reset-password/confirm/(?P<uidb64>[0-9A-Za-z]+)-(?P<token>.+)/$', PasswordResetConfirmView.as_view(), name = 'password_reset_confirm'),
path('reset-password/complete/$', PasswordResetCompleteView.as_view(), name='password_reset_complete'),
]
STATIC_URL = '/static/'
LOGIN_REDIRECT_URL = 'home'
LOGIN_URL = 'login'
LOGIN_EXEMPT_URLS = (
'logout',
'register',
)
import re
from django.conf import settings
from django.urls import reverse
from django.shortcuts import redirect
from django.contrib.auth import logout
EXEMPT_URLS = [settings.LOGIN_URL.lstrip('/')]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
EXEMPT_URLS += [url for url in settings.LOGIN_EXEMPT_URLS]
class LoginRequiredMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
return response
def process_view(self, request, view_func, view_args, view_kwargs):
assert hasattr(request, 'user')
if request.user.is_authenticated is False:
if view_func.__name__ in EXEMPT_URLS is False:
return redirect(settings.LOGIN_URL)
else:
return None
您是否已将此中间件添加到
settings.pymiddleware中间件=[
'django.middleware.security.SecurityMiddleware',
“django.contrib.sessions.middleware.SessionMiddleware”,
'django.middleware.common.CommonMiddleware',
“django.middleware.csrf.CsrfViewMiddleware”,
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.xFrameOptions中间件',
“myproject.middleware.LoginRequiredMiddleware”,
]
进程视图中添加断点或至少一条打印语句以确保它被加载吗?我添加了:def进程视图(self、request、view\u func、view\u args、view\u kwargs):assert hasattr(request、'user'))打印(请求)仍然没有更改。我是否需要进一步限定我的“view\u func.\uu name\uuuu”方法?不确定它是否正确地将其与“def process\u view”关联…当你说没有更改时,你是否在控制台中看到打印?我倾向于打印一些令人讨厌的内容,如“\n\n***************************\n\n”这显示在控制台[19/Feb/2020 17:32:29]“GET/account/login/HTTP/1.1”200 2821************************************************[19/Feb/2020 17:32:31]“GET/account/register/HTTP/1.1”200 3698************************中间件已启动”**********