Merge pull request #55 from UKB-IT-Sec/improve_login_logic

Added LoginRequiredMixin to views

src/nac/subviews/account.py

@@ -1,14 +1,17 @@
 from django.contrib import messages
 from django.contrib.auth import update_session_auth_hash
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import PasswordChangeForm
 from django.shortcuts import render, redirect
 from django.views.generic import TemplateView
 
 
-class AccountSettings(TemplateView):
+class AccountSettings(LoginRequiredMixin, TemplateView):
     template_name = "account_settings.html"
 
 
+@login_required
 def change_password(request):
     if request.method == 'POST':
         form = PasswordChangeForm(request.user, request.POST)

src/nac/subviews/armis.py

@@ -16,11 +16,13 @@
 from django.views.generic import View
 from django.core.cache import cache
 from django.shortcuts import render
+from django.contrib.auth.mixins import LoginRequiredMixin
+
 
 from helper.armis import get_armis_sites, get_devices, get_tenant_url, get_boundaries, map_ids_to_names
 
 
-class ArmisView(View):
+class ArmisView(LoginRequiredMixin, View):
     template_name = "armis_import.html"
 
     def _get_context(self):  # sets the site-context for armis_import.html, uses cache to be less time consuming

src/nac/subviews/autocomplete.py

@@ -1,8 +1,9 @@
 from dal import autocomplete
 from ..models import DeviceRoleProd, AuthorizationGroup, DeviceRoleInst
+from django.contrib.auth.mixins import LoginRequiredMixin
 
 
-class DeviceRoleProdAutocomplete(autocomplete.Select2QuerySetView):
+class DeviceRoleProdAutocomplete(LoginRequiredMixin, autocomplete.Select2QuerySetView):
     def get_queryset(self):
         if not self.request.user.is_authenticated:
             return DeviceRoleProd.objects.none()
@@ -23,7 +24,7 @@ def get_queryset(self):
         return qs
 
 
-class DeviceRoleInstAutocomplete(autocomplete.Select2QuerySetView):
+class DeviceRoleInstAutocomplete(LoginRequiredMixin, autocomplete.Select2QuerySetView):
     def get_queryset(self):
         if not self.request.user.is_authenticated:
             return DeviceRoleInst.objects.none()
@@ -40,7 +41,7 @@ def get_queryset(self):
         return qs
 
 
-class AuthorizationGroupAutocomplete(autocomplete.Select2QuerySetView):
+class AuthorizationGroupAutocomplete(LoginRequiredMixin, autocomplete.Select2QuerySetView):
     def get_queryset(self):
         if not self.request.user.is_authenticated:
             return AuthorizationGroup.objects.none()

src/nac/subviews/device_management.py

@@ -3,14 +3,15 @@
 from django.db.models import Q
 from django.urls import reverse_lazy
 from django.shortcuts import render
+from django.contrib.auth.mixins import LoginRequiredMixin
 import json
 
 from ..models import Device, AuthorizationGroup, DeviceRoleProd
 from ..forms import DeviceForm, DeviceSearchForm
 from ..validation import normalize_mac
 
 
-class DeviceListView(ListView):
+class DeviceListView(LoginRequiredMixin, ListView):
     model = Device
     template_name = "devices.html"
     context_object_name = "device_list"
@@ -47,24 +48,24 @@ def get_context_data(self, *, object_list=None, **kwargs):
         return context
 
 
-class DeviceDetailView(DetailView):
+class DeviceDetailView(LoginRequiredMixin, DetailView):
     model = Device
     template_name = "device_detail.html"
 
 
-class DeviceUpdateView(UpdateView):
+class DeviceUpdateView(LoginRequiredMixin, UpdateView):
     model = Device
     form_class = DeviceForm
     template_name = "device_edit.html"
 
 
-class DeviceDeleteView(DeleteView):
+class DeviceDeleteView(LoginRequiredMixin, DeleteView):
     model = Device
     template_name = "device_delete.html"
     success_url = reverse_lazy("devices")
 
 
-class DeviceCreateView(CreateView):
+class DeviceCreateView(LoginRequiredMixin, CreateView):
     model = Device
     form_class = DeviceForm
     template_name = "device_new.html"