Revert "Try moving the redirect to the app layer."

This reverts commit 0cba17efe3.

config.py

@@ -60,7 +60,6 @@ class DebugConfig(FlaskConfig, MailConfig, LocalStorage, SQLiteDB):
     'level': logging.DEBUG,
     'format': LOG_FORMAT
   }
-  SECURE_REDIRECT = False
 
 
 class ProductionConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL):
@@ -70,4 +69,3 @@ class ProductionConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL):
     'level': logging.DEBUG,
     'format': LOG_FORMAT,
   }
-  SECURE_REDIRECT = True

endpoints/web.py

@@ -1,11 +1,9 @@
 import logging
-import urlparse
 
 from flask import (abort, send_file, redirect, request, url_for,
                    render_template)
 from flask.ext.login import login_user, UserMixin, login_required, logout_user
 from flask.ext.principal import identity_changed, Identity, AnonymousIdentity
-from functools import wraps
 
 from data import model
 from app import app, login_manager
@@ -25,20 +23,6 @@ class _LoginWrappedDBUser(UserMixin):
     return unicode(self.db_user.username)
 
 
-def secure_required(f):
-  @wraps(f)
-  def decorated_view(*args, **kwargs):
-    if (app.config['SECURE_REDIRECT'] and 
-        request.environ['wsgi.url_scheme'] == 'http'):
-
-      logger.debug('Redirecting http url to https.')
-      parsed = urlparse.urlparse(request.url)
-      location = urlparse.urlunparse(('https',) + parsed[1:])
-      return redirect(location)
-    return f(*args, **kwargs)
-  return decorated_view
-
-
 @login_manager.user_loader
 def load_user(username):
   logger.debug('Loading user: %s' % username)
@@ -50,7 +34,6 @@ def load_user(username):
 
 
 @app.route('/', methods=['GET'])
-@secure_required
 def index():
   return send_file('templates/index.html')
 
@@ -67,13 +50,11 @@ def common_login(db_user):
 
 
 @app.route('/signin', methods=['GET'])
-@secure_required
 def render_signin_page():
   return render_template('signin.html')
 
 
 @app.route('/signin', methods=['POST'])
-@secure_required
 def signin():
   username = request.form['username']
   password = request.form['password']
@@ -94,7 +75,6 @@ def signin():
 
 
 @app.route('/confirm', methods=['GET'])
-@secure_required
 def confirm_email():
   code = request.values['code']
   user = model.confirm_user_email(code)
@@ -105,13 +85,11 @@ def confirm_email():
 
 
 @app.route('/reset', methods=['GET'])
-@secure_required
 def password_reset():
   pass
 
 
 @app.route("/signout")
-@secure_required
 @login_required
 def logout():
     logout_user()

wsgi.conf

@@ -8,6 +8,10 @@ WSGIPassAuthorization On
 <VirtualHost *:80>
   SetEnvIf X-Forwarded-Proto https HTTPS=1
 
+  RewriteEngine On
+  RewriteCond %{HTTP:X-Forwarded-Proto} !https
+  RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]
+
   Alias /static /opt/python/current/app/static/
   <Directory /opt/python/current/app/>
     Order allow,deny