How to exempt certain URLs in LoginRequiredMiddleware?

Using LoginRequiredMiddleware, I am able to set “login required” as default (instead of having to put the @login_required decorator on every view, and possibly forgetting it), and exempt certain views from this restriction by using the @login_not_required decorator.

However, I am using social-auth as an authentication backend, and it is trying to access some urls during the authentication process: It sends the requests “GET /social-auth/login/some_custom_backend/” and “GET /social-auth/complete/some_custom_backend/lots_of_info”.

These requests are blocked in process_view() and I am returned to the login view.

If I add a manual exemption for these two urls in process_view(), the authentication completes and I am logged in.

Is there a setting somewhere that I can use to set exemptions for certain urls? Or should there be (i.e. are there safety issues that indicate that I shouldn’t be doing this)?

See the ticket at #35932 (Add a LOGIN_REQUIRED_URLS_EXCEPTIONS for LoginRequiredMiddleware) – Django

Basically, the answer is no. You have at least four different options that I can think of.

  • Modify (subclass) the middleware to add that feature.
  • Monkey-patch the third-party library views
  • Modify the third-party views to add the decorator
  • Get the third-party library to add the decorator to their views.

You’ve already done the first, so you know what’s involved there. You could extend that to read a custom setting.

That last one is probably the most “correct”, but may take a while to see happen.
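The first option in the list above (subclass the middleware, optionally fed from a custom setting), sketched as an added example that is not part of the original thread or of Django. The names `ExemptPrefixesMixin`, `exempt_prefixes`, `SocialAuthLoginRequiredMiddleware` and `LOGIN_EXEMPT_URL_PREFIXES` are hypothetical, the prefixes are taken from the URLs in the question, and the logic is written as a mixin so it can be exercised without a configured Django project.

```python
class ExemptPrefixesMixin:
    """Place before LoginRequiredMiddleware in the bases of a subclass."""

    # Hypothetical attribute; a project could fill it from a custom setting,
    # e.g. exempt_prefixes = settings.LOGIN_EXEMPT_URL_PREFIXES (assumed name).
    exempt_prefixes = ()

    def __init_subclass__(cls, **kwargs):
        super().__init_subclass__(**kwargs)
        for prefix in cls.exempt_prefixes:
            # Without the trailing slash, "/social-auth/login" would also
            # exempt "/social-auth/login-other/", so refuse it at import time.
            if not (prefix.startswith("/") and prefix.endswith("/")):
                raise ValueError(f"exempt prefix needs leading and trailing '/': {prefix!r}")

    def is_exempt(self, path):
        segments = path.split("/")[1:]
        if segments and segments[-1] == "":
            segments.pop()  # a single trailing slash is normal
        # Fail closed on empty or dot segments; the exempt URLs never need them.
        if any(seg in ("", ".", "..") for seg in segments):
            return False
        return path.startswith(tuple(self.exempt_prefixes))

    def process_view(self, request, view_func, view_args, view_kwargs):
        # path_info is the path without query string or script prefix.
        if self.is_exempt(request.path_info):
            return None  # skip the login check, continue to the view
        return super().process_view(request, view_func, view_args, view_kwargs)


# In a project (Django >= 5.1), listed in MIDDLEWARE instead of the stock class:
#
#   from django.contrib.auth.middleware import LoginRequiredMiddleware
#
#   class SocialAuthLoginRequiredMiddleware(ExemptPrefixesMixin, LoginRequiredMiddleware):
#       exempt_prefixes = ("/social-auth/login/", "/social-auth/complete/")
```

Everything not matched by a listed prefix still goes through the stock `process_view()`, so `@login_not_required` and the authenticated-user check behave as before.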

Thanks for the answer, and the reference to the previous ticket!