All geek questions in one place

Password protection of an entire django application

I am running a simple env stage on heroku, and now I am looking for a password to protect the entire application with some simple authentication.

I am wondering if there is a simple application or middleware that already supports this. Tried to look at solutions with Heroku / Cloudflare and django, but nothing seems really straightforward.

Django 1.3.1

+4
source share
2 answers

I am using django-lockdown for this purpose. This allows you to add a simple password to the entire dev site without adding extra authorization bits to your views that are not used outside of the dev environment. It also means that you can log in as an administrator or regular users to check what your site is doing.

https://github.com/Dunedan/django-lockdown

I use Heroku and Lockdown with this bit of code in my settings.py file

 USE_LOCKDOWN = os.environ.get('USE_LOCKDOWN', 'False') == 'True' if USE_LOCKDOWN: INSTALLED_APPS += ('lockdown',) MIDDLEWARE_CLASSES += ('lockdown.middleware.LockdownMiddleware',) LOCKDOWN_PASSWORDS = (os.environ.get('LOCKDOWN_PASSWORD', 'False'),) LOCKDOWN_URL_EXCEPTIONS = (r'^/some/url/not/locked/down/$',)

Then, obviously, set config var of USE_LOCKDOWN as True on my site-dev, and False on my production site, so no need to change the code for.

+11
source

The Django authentication interface has built-in @login_required utilities that will help you password-protect the browsing functions (and @login_required corresponding "url").

Using::

 from django.contrib.auth.decorators import permission_required, login_required @login_required def view_organization(request, org_slug): """ Only permit a logged in user to view the organization. """ org = get_object_or_404(organization, slug=org_slug) org_users = organizationuser.objects.filter(organization=org,\ organization__is_active=true) template = 'organizations/view_organization.html' template_vars = {'org_users': org_users, 'org': org} return render(request, template, template_vars)

For advanced access control, use the @permission_required decorator.

0
source

Source: https://habr.com/ru/post/1445730/

More articles:


All Articles