Consider making all views authenticated by default #1341
Description
Effort: 3
Description:
As is generally recommended, it make sense for all views in an application to require authentication unless explicitly marked as public. Django now provides a middleware which I believe is installed by default on new installations, which does just that. We should consider using it instead of requiring every view to state that it requires authentication, because some don't. This causes issues such as #855 and especially in this new bot-ridden world, can have serious consequences.
Tasks:
- Communicate to TOMS the change, instruct them that they can remove the middleware if they don't want the default behavior
- Implement, make sure tests pass.
- Profit