id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
35932	Add a LOGIN_REQUIRED_URLS_EXCEPTIONS for LoginRequiredMiddleware	levimoore		"LoginRequired middleware is great for security but it makes it tough to use third party libraries like django auth or django cookies when they have their own urls and you can't make them not required unless you make your won custom views and add the decorator. The workarounf is makign a custom middleware like this


{{{
class CustomLoginRequiredMiddleware(LoginRequiredMiddleware):
    def __init__(self, get_response):
        super().__init__(get_response)
        # Compile the regex patterns
        self.exempt_urls = [
            re.compile(pattern) for pattern in settings.LOGIN_REQUIRED_URLS_EXCEPTIONS
        ]

    def process_view(self, request, view_func, view_args, view_kwargs):
        path = request.path_info
        # First check our exempt URLs
        if any(pattern.match(path) for pattern in self.exempt_urls):
            return None

        # If not exempt, continue with normal login required check
        return super().process_view(request, view_func, view_args, view_kwargs)
}}}

but to do this in every proejct is not ideal for the growth of django

instead it should be by default allowable to have routes that dont need to be logged into by the settings.py file like


{{{
LOGIN_REQUIRED_URLS_EXCEPTIONS = [
    r""^/accounts/"",  # allauth URLs
    r""^/cookies/"",  # cookie consent URLs
    r""^/static/"",  # static files
    r""^/media/"",  # media files
    r""^/admin/admin_sso/"",
    # Add any other paths you want to exempt from login
]
}}}

"	New feature	closed	contrib.auth	dev	Normal	wontfix		Mariusz Felisiak	Unreviewed	0	0	0	0	0	0