api/app/middlewares.py
from django.conf import settingsfrom django.shortcuts import redirectfrom django.http import HttpResponseForbidden, HttpResponsefrom django.contrib.auth import logoutfrom django.utils.deprecation import MiddlewareMixinfrom django.contrib.auth.decorators import login_required class DisableCsrfCheck(MiddlewareMixin): """ Middleware class to disable CSRF check for views """ def process_request(self, req): """ Process request method to add attr _dont_enforce_csrf_checks """ attr = "_dont_enforce_csrf_checks" if not getattr(req, attr, False): setattr(req, attr, True) class LoginRequiredMiddleware: """ Middleware class to enforce login for every view """ def __init__(self, get_response): self.get_response = get_response def __call__(self, request): return self.get_response(request) Function `process_view` has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring. def process_view(self, request, view_func, view_args, view_kwargs): # pylint: disable=C0103 """ Process view method to check login_exempt decorator and enforce authentication on all views """ try: appName = request.path.split("/")[1] if appName in ["admin", "accounts"]: return except: pass authenticationRequired= True if settings.AUTHENTICATION_REQUIRED == "True" else False if not authenticationRequired: return if getattr(view_func, "login_exempt", False): return if not request.user.is_authenticated and request.path.split("/")[2] == "datadownload": return redirect(settings.LOGIN_REDIRECT_URL) if request.user.is_authenticated: if request.user.status != "Active": logout(request)Avoid too many `return` statements within this function. return Avoid too many `return` statements within this function. return HttpResponse('Unauthorized', status=401) def login_exempt(view): # pylint: disable=C0103 """ Decorator for views which needs to be exempted from login """ view.login_exempt = True return view