Hi Ahmad, > On 23 Mar 2020, at 13:23, Ahmad A. Hussein <ahmadahusse...@gmail.com> wrote: > > I completely agree with what has already been said by everyone here; > moreover, this is a battery missing from Django in my opinion. It would make > Django more "batteries-included" if this was part of core rather than third > party-libraries. If you need help with documentation, I can definitely throw > a hand.
Thank you very much. I definitely going to need a help with documentation ! Also, thank you very much for everyone who’s involved to the discussion. It's great to see that everyone is supporting to have this in django-core. As far as I can see, we have a common ground about following items. - Creating a LoginRequiredAuthenticationMiddleware class which extends our current AuthenticationMiddleware class. - Creating @login_not_required decorator and LoginNotRequiredMixin class. They won’t do anything, but marking views as a ’not login required for that endpoint’ so that our middleware can pass the request. - We have some default views within auth/views such as, LoginView, redirect_to_login and PasswordResetView. They must use our new decorator or Mixin. PS: I like those names by the way. Thanks for func and class name suggestions Adam. One thing that isn’t clear for me is URL exclusions list in settings.py. @Matt Magin and @Hanne Moa has mentioned about it. It’s basically a list of url and/or regex that exempt the view from login validation. I truly understand that such a list can be very useful. But I personally don’t support adding that functionality. Because, I believe people will use wildcard rules, like LOGIN_EXEMPT_URL = ['/api/*'], which will disables the protection we are trying to put in the first place. Maybe even package maintainers will use a wide range of rule definitions in their own settings file in order to make their package compatible with Django-core release. I think that kind of compatibility issue should be addressed by 3rd party package maintainers. > > > Regards, > Ahmad > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com > <mailto:django-developers+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/ef6ad79b-e37b-46b3-87c3-60d7c97e5395%40googlegroups.com > > <https://groups.google.com/d/msgid/django-developers/ef6ad79b-e37b-46b3-87c3-60d7c97e5395%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/3ECF27A7-9308-4CAF-94DC-1A78DC411F82%40mehmetince.net.
signature.asc
Description: Message signed with OpenPGP
