From fa14bc8ac7a392e47f6b9c1e8f99f64198aceded Mon Sep 17 00:00:00 2001
From: =?utf-8?q?C=C3=A9lestin=20Matte?= <gitlab@cmatte.me>
Date: Sat, 1 Apr 2023 23:36:02 +0200
Subject: [PATCH] Always load auth, even when using PUBLIC_ARCHIVES=True

Even in public archives mode, auth is necessary as an antispam feature for
downloading mbox, raw messages etc.
---
 django/archives/settings.py | 38 ++++++++++++++++++-------------------
 django/archives/urls.py     | 19 +++++++++----------
 2 files changed, 27 insertions(+), 30 deletions(-)

diff --git a/django/archives/settings.py b/django/archives/settings.py
index 24861a9..ba783c4 100644
--- a/django/archives/settings.py
+++ b/django/archives/settings.py
@@ -155,23 +155,21 @@ try:
 except ImportError:
     pass

-# If this is a non-public site, enable middleware for handling logins etc
-if ALLOW_RESEND or not PUBLIC_ARCHIVES:
-    MIDDLEWARE = [
-        'django.contrib.sessions.middleware.SessionMiddleware',
-        'django.contrib.auth.middleware.AuthenticationMiddleware',
-        'django.middleware.csrf.CsrfViewMiddleware',
-    ] + MIDDLEWARE
-    MIDDLEWARE.append('archives.mailarchives.redirecthandler.RedirectMiddleware')
-
-    INSTALLED_APPS = [
-        'django.contrib.sessions',
-    ] + INSTALLED_APPS
-
-    AUTHENTICATION_BACKENDS = (
-        'archives.auth.AuthBackend',
-    )
-
-    if not PUBLIC_ARCHIVES:
-        from archives.util import validate_new_user
-        PGAUTH_CREATEUSER_CALLBACK = validate_new_user
+MIDDLEWARE = [
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+] + MIDDLEWARE
+MIDDLEWARE.append('archives.mailarchives.redirecthandler.RedirectMiddleware')
+
+INSTALLED_APPS = [
+    'django.contrib.sessions',
+] + INSTALLED_APPS
+
+AUTHENTICATION_BACKENDS = (
+    'archives.auth.AuthBackend',
+)
+
+if not PUBLIC_ARCHIVES:
+    from archives.util import validate_new_user
+    PGAUTH_CREATEUSER_CALLBACK = validate_new_user
diff --git a/django/archives/urls.py b/django/archives/urls.py
index bc8a18d..6744c37 100644
--- a/django/archives/urls.py
+++ b/django/archives/urls.py
@@ -63,13 +63,12 @@ urlpatterns = [
     url(r'^dyncss/(?P<css>base|docs).css$', archives.mailarchives.views.dynamic_css),
 ]

-if settings.ALLOW_RESEND or not settings.PUBLIC_ARCHIVES:
-    import archives.auth
-
-    urlpatterns += [
-        # For non-public archives, support login
-        url(r'^(?:list/_auth/)?accounts/login/?$', archives.auth.login),
-        url(r'^(?:list/_auth/)?accounts/logout/?$', archives.auth.logout),
-        url(r'^(?:list/_auth/)?auth_receive/$', archives.auth.auth_receive),
-        url(r'^(?:list/_auth/)?auth_api/$', archives.auth.auth_api),
-    ]
+import archives.auth
+
+urlpatterns += [
+    # For non-public archives, support login
+    url(r'^(?:list/_auth/)?accounts/login/?$', archives.auth.login),
+    url(r'^(?:list/_auth/)?accounts/logout/?$', archives.auth.logout),
+    url(r'^(?:list/_auth/)?auth_receive/$', archives.auth.auth_receive),
+    url(r'^(?:list/_auth/)?auth_api/$', archives.auth.auth_api),
+]
-- 
2.40.0