Add LoginRequiredMiddleware to easily protect the whole website

gsl/settings.py

@@ -85,6 +85,7 @@
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "gsl_oidc.middleware.LoginRequiredMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
 ]
@@ -187,6 +188,8 @@
     "DS_API_URL", "https://www.demarches-simplifiees.fr/api/v2/graphql"
 )
 
+LOGIN_URL = "/comptes/login/"
+
 # Redirect after login/logout - used by OIDC backends
 
 LOGIN_REDIRECT_URL = "/"

gsl_oidc/middleware.py

@@ -0,0 +1,21 @@
+from django.contrib.auth.middleware import (
+    LoginRequiredMiddleware as OriginalLoginRequiredMiddleware,
+)
+
+
+class LoginRequiredMiddleware(OriginalLoginRequiredMiddleware):
+    def process_view(self, request, view_func, view_args, view_kwargs):
+        if request.user.is_authenticated:
+            return None
+
+        if not getattr(view_func, "login_required", True):
+            return None
+
+        # allow OIDC views
+        if request.path in (
+            "/oidc/authenticate/",
+            "/oidc/callback/",
+        ):
+            return None
+
+        return self.handle_no_permission(request, view_func)

gsl_pages/views.py

@@ -1,9 +1,12 @@
+from django.contrib.auth.decorators import login_not_required
 from django.shortcuts import render
 
 
+@login_not_required
 def index_view(request):
     return render(request, "gsl_pages/index.html", {})
 
 
+@login_not_required
 def accessibility_view(request):
     return render(request, "gsl_pages/accessibilite.html", {})