Skip to main content

Site-wide or per-view lockdown with customizable preview authorization

Project description

A simple Django reusable application for locking down an entire site (or particular views), with customizable preview authorization (defaults to single password).

Installation

Install from PyPI with easy_install or pip:

pip install django-lockdown

or get the in-development version:

pip install django-lockdown==dev

To use django-lockdown in your Django project:

  1. Add 'lockdown' to your INSTALLED_APPS setting.

  2. To enable admin preview of locked-down sites or views with a single password, set the LOCKDOWN_PASSWORD setting to a plain-text password.

  3. To lock down the entire site, add 'lockdown.middleware.LockdownMiddleware' to your INSTALLED_APPS setting. Optionally you may also add URL regular expressions to the LOCKDOWN_URL_EXCEPTIONS setting.

  4. To protect only certain views, apply the lockdown.decorators.lockdown decorator to the views you want to protect.

For more advanced customization of admin preview authorization, see the LOCKDOWN_FORM setting.

Settings

LOCKDOWN_PASSWORD

The plain-text password required to preview a site or views protected by django-lockdown:

LOCKDOWN_PASSWORD = 'letmein'

If neither this setting nor LOCKDOWN_FORM is provided, there will be no admin preview for locked-down pages.

LOCKDOWN_URL_EXCEPTIONS

Optional: a list/tuple of regular expressions to be matched against incoming URLs. If a URL matches a regular expression in this list, it will not be locked:

LOCKDOWN_URL_EXCEPTIONS = (r'^/about/$',  # unlock /about/
                           r'\.json$')    # unlock JSON API

LOCKDOWN_FORM

By default, django-lockdown allows admin preview by entering a preset plain-text LOCKDOWN_PASSWORD. To set up more advanced methods of authenticating access to locked-down pages, set LOCKDOWN_FORM to the Python dotted path to a Django Form subclass. This form will be displayed on the lockout page. If the form validates when submitted, the user will be allowed access to locked pages:

LOCKDOWN_FORM = 'path.to.my.CustomLockdownForm'

LOCKDOWN_SESSION_KEY

Once a client is authorized for admin preview, they will continue to be authorized for the remainder of their browsing session (using Django’s built-in session support). LOCKDOWN_SESSION_KEY defines the session key used; the default is 'lockdown-allow'.

Templates

Django-lockdown uses a single template, lockdown/form.html. The default template displays a simple “coming soon” message and the password entry form.

If you override this template, the lockdown preview form is available in the template context as form.

CHANGES

0.1 (2009-11-16)

  • initial release

TODO

  • Once Django 1.2 ships with signed cookies (hopefully), replace contrib.sessions dependency with a signed cookie.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-lockdown-0.1.0.tar.gz (7.4 kB view details)

Uploaded Source

File details

Details for the file django-lockdown-0.1.0.tar.gz.

File metadata

File hashes

Hashes for django-lockdown-0.1.0.tar.gz
Algorithm Hash digest
SHA256 707829c6b39ff69f67506a22dd7f088a5c09b189cbfd6100828f856ec71ab1b5
MD5 53777afc431cc78adeb9c2581f289146
BLAKE2b-256 1c0f030940cbd7bb4b2e20ac44046418d9f445cf262b66c50527a8169f3674d8

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page