allow only AJAX requests for post votes, otherwise it makes CSRF possible
index 0e44f736e2671b7cccf563e30c8ed54c1ec41e46..ca1d15112f577ff51be62630d8ce24412fded98d 100644 (file)
@@ -1,23 +1,27 @@
-from django.contrib.auth.middleware import AuthenticationMiddleware\r
-from django.contrib.auth import logout\r
-from forum.models.user import AnonymousUser\r
-from forum.views.auth import forward_suspended_user\r
-\r
-class ExtendedUser(AuthenticationMiddleware):\r
-    def process_request(self, request):\r
-        super(ExtendedUser, self).process_request(request)\r
-        if request.user.is_authenticated():\r
-            try:\r
-                request.user = request.user.user\r
-\r
-                if request.user.is_suspended():\r
-                    user = request.user\r
-                    logout(request)\r
-                    return forward_suspended_user(request, user)\r
-\r
-                return None\r
-            except:\r
-                pass\r
-\r
-        request.user = AnonymousUser()\r
+from django.contrib.auth.middleware import AuthenticationMiddleware
+from django.contrib.auth import logout
+from forum.models.user import AnonymousUser
+from forum.views.auth import forward_suspended_user
+import logging
+
+class ExtendedUser(AuthenticationMiddleware):
+    def process_request(self, request):
+        super(ExtendedUser, self).process_request(request)
+        if request.user.is_authenticated():
+            try:
+                request.user = request.user.user
+
+                if request.user.is_suspended():
+                    user = request.user
+                    logout(request)
+                    return forward_suspended_user(request, user)
+
+                return None
+            except Exception, e:
+                import traceback
+                logging.error("Unable to convert auth_user %s to forum_user: \n%s" % (
+                    request.user.id, traceback.format_exc()
+                ))
+
+        request.user = AnonymousUser()
         return None
\ No newline at end of file
         return None
\ No newline at end of file
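Review bot: The `except Exception, e:` added to `process_request` still wraps `is_suspended()`, `logout()` and `forward_suspended_user()`, not only the `request.user = request.user.user` conversion, so the new "Unable to convert auth_user" log mislabels any failure in those calls, and a suspended user whose `forward_suspended_user()` raises after `logout()` has already flushed the session silently continues as `AnonymousUser()` instead of receiving the suspension response. Narrowing the `try` to the conversion and moving the suspension check into an `else:` clause keeps the fail-closed outcome (an unconvertible user is still demoted to anonymous) while making the log accurate; `logging.exception` records the traceback without the function-local `import traceback` and the unused `e`. `process_request` ends inside this hunk — the duplicated `return None` lines appear to be the CRLF-to-LF rewrite of its last line rather than a second return, but that is inferred from the page rendering.
```python
        if request.user.is_authenticated():
            try:
                forum_user = request.user.user
            except Exception:
                # Fail closed: the user falls through to AnonymousUser() below.
                logging.exception("Unable to convert auth_user %s to forum_user", request.user.id)
            else:
                request.user = forum_user
                if request.user.is_suspended():
                    user = request.user
                    logout(request)
                    return forward_suspended_user(request, user)
                return None
        # … unchanged: request.user = AnonymousUser(); return None …
```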