Merge "Fix middleware to not access session fields without user auth"

2013-08-14 17:08:38 +00:00 · 2013-08-14 17:08:38 +00:00 · 7e7965f875
commit 7e7965f875
parent 11dff26cec a62944985d
1 changed files with 17 additions and 16 deletions
--- a/horizon/middleware.py
+++ b/horizon/middleware.py
@ -46,24 +46,25 @@ class HorizonMiddleware(object):
    def process_request(self, request):
        """ Adds data necessary for Horizon to function to the request. """
-        # Activate timezone handling
+        if hasattr(request, "user") and request.user.is_authenticated():
-        tz = request.session.get('django_timezone')
+            # Activate timezone handling
-        if tz:
+            tz = request.session.get('django_timezone')
-            timezone.activate(tz)
+            if tz:
                timezone.activate(tz)
-        # Check for session timeout
+            # Check for session timeout
-        timeout = 1800
+            timeout = 1800
-        try:
+            try:
-            timeout = settings.SESSION_TIMEOUT
+                timeout = settings.SESSION_TIMEOUT
-        except AttributeError:
+            except AttributeError:
-            pass
+                pass
-        last_activity = request.session.get('last_activity', None)
+            last_activity = request.session.get('last_activity', None)
-        timestamp = datetime.datetime.now()
+            timestamp = datetime.datetime.now()
-        if last_activity and (timestamp - last_activity).seconds > timeout:
+            if last_activity and (timestamp - last_activity).seconds > timeout:
-            request.session.pop('last_activity')
+                request.session.pop('last_activity')
-            return HttpResponseRedirect(settings.LOGOUT_URL)
+                return HttpResponseRedirect(settings.LOGOUT_URL)
-        request.session['last_activity'] = timestamp
+            request.session['last_activity'] = timestamp
        request.horizon = {'dashboard': None,
                           'panel': None,