From 540815b943b816b8040dce4079650ac8555b2d3a Mon Sep 17 00:00:00 2001
From: yackob03
Date: Tue, 1 Oct 2013 16:54:05 -0400
Subject: [PATCH] Revert "Try moving the redirect to the app layer."
This reverts commit 0cba17efe35f6938847f2d01a0eff5179d542fb4.
---
 config.py | 2 --
 endpoints/web.py | 22 ----------------------
 wsgi.conf | 4 ++++
 3 files changed, 4 insertions(+), 24 deletions(-)
diff --git a/config.py b/config.py
index f82844f8e..257171c89 100644
--- a/config.py
+++ b/config.py
@@ -60,7 +60,6 @@ class DebugConfig(FlaskConfig, MailConfig, LocalStorage, SQLiteDB):
 'level': logging.DEBUG,
 'format': LOG_FORMAT
 }
- SECURE_REDIRECT = False
 class ProductionConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL):
@@ -70,4 +69,3 @@ class ProductionConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL):
 'level': logging.DEBUG,
 'format': LOG_FORMAT,
 }
- SECURE_REDIRECT = True
diff --git a/endpoints/web.py b/endpoints/web.py
index fb2dcdbf6..64a77bef9 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -1,11 +1,9 @@
 import logging
-import urlparse
 from flask import (abort, send_file, redirect, request, url_for, render_template)
 from flask.ext.login import login_user, UserMixin, login_required, logout_user
 from flask.ext.principal import identity_changed, Identity, AnonymousIdentity
-from functools import wraps
 from data import model
 from app import app, login_manager
@@ -25,20 +23,6 @@ class _LoginWrappedDBUser(UserMixin):
 return unicode(self.db_user.username)
-def secure_required(f):
- @wraps(f)
- def decorated_view(*args, **kwargs):
- if (app.config['SECURE_REDIRECT'] and
- request.environ['wsgi.url_scheme'] == 'http'):
-
- logger.debug('Redirecting http url to https.')
- parsed = urlparse.urlparse(request.url)
- location = urlparse.urlunparse(('https',) + parsed[1:])
- return redirect(location)
- return f(*args, **kwargs)
- return decorated_view
-
-
 @login_manager.user_loader
 def load_user(username):
 logger.debug('Loading user: %s' % username)
@@ -50,7 +34,6 @@ def load_user(username):
 @app.route('/', methods=['GET'])
-@secure_required
 def index():
 return send_file('templates/index.html')
@@ -67,13 +50,11 @@ def common_login(db_user):
 @app.route('/signin', methods=['GET'])
-@secure_required
 def render_signin_page():
 return render_template('signin.html')
 @app.route('/signin', methods=['POST'])
-@secure_required
 def signin():
 username = request.form['username']
 password = request.form['password']
@@ -94,7 +75,6 @@ def signin():
 @app.route('/confirm', methods=['GET'])
-@secure_required
 def confirm_email():
 code = request.values['code']
 user = model.confirm_user_email(code)
@@ -105,13 +85,11 @@ def confirm_email():
 @app.route('/reset', methods=['GET'])
-@secure_required
 def password_reset():
 pass
 @app.route("/signout")
-@secure_required
 @login_required
 def logout():
 logout_user()
diff --git a/wsgi.conf b/wsgi.conf
index 2109fa2dd..d269b6912 100644
--- a/wsgi.conf
+++ b/wsgi.conf
@@ -8,6 +8,10 @@ WSGIPassAuthorization On
 SetEnvIf X-Forwarded-Proto https HTTPS=1
+ RewriteEngine On
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]
+
 Alias /static /opt/python/current/app/static/
 Order allow,deny
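Review bot: The added `RewriteCond %{HTTP:X-Forwarded-Proto} !https` in wsgi.conf decides whether to redirect from a request header, so it is only as trustworthy as the network path. If Apache can be reached other than through the proxy that sets the header, a plain-HTTP request that carries `X-Forwarded-Proto: https` is served without the redirect, and the existing `SetEnvIf` line marks it as HTTPS. The redirect also cannot protect the first cleartext request (a POST to `/signin` over http has already sent the password), so I would pair it with `Header always set Strict-Transport-Security "max-age=31536000"` (needs mod_headers) and a Secure flag on the session cookie in the app config. Requests that arrive with no `X-Forwarded-Proto` header at all, such as a load-balancer health check if one is in use, will now receive the 301; that is worth confirming before deploying. The enclosing configuration block starts and ends outside the hunk.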