I run a Pinax-site for collaborative purposes. I added ‘account.middleware.AuthenticatedMiddleware’ to ‘MIDDLEWARE_CLASSES’ in order to not allow anonymous access to anything on the site.
But now I need public APIs to be enabled. Is there any solutions besides adding ‘login_required’-decorator at all the views that still need to be private?
edit
Gregor Müllegger answer doesn’t work. settings.AUTHENTICATED_EXEMPT_URLS seems to get overwritten somewhere in the code
class AuthenticatedMiddleware(object):
def __init__(self, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
if login_url is None:
login_url = settings.LOGIN_URL
self.redirect_field_name = redirect_field_name
self.login_url = login_url
self.exemptions = [
r"^%s" % settings.MEDIA_URL,
r"^%s" % settings.STATIC_URL,
r"^%s$" % login_url,
]
print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS
if ( settings.AUTHENTICATED_EXEMPT_URLS):
self.exemptions += settings.AUTHENTICATED_EXEMPT_URLS
print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS
doesn’t print my settings but this:
settings.AUTHENTICATED_EXEMPT_URLS ['^/account/signup/$', '^/account/password_reset', '^/account/confirm_email', '^/openid']
I will try to fix it.
Have a look at the source code of
AuthenticatedMiddleware.It reveals that there is a setting called
AUTHENTICATED_EXEMPT_URLS. It can contain regular expressions that are left public. Set it to something like this in yoursettings.py:This will make any URLs below
/api/available without being logged in.t