Site-wide or per-view lockdown with customizable preview authorization
Project description
A simple Django reusable application for locking down an entire site (or particular views), with customizable preview authorization (defaults to single password).
Installation
Install from PyPI with easy_install or pip:
pip install django-lockdown
or get the in-development version:
pip install django-lockdown==dev
To use django-lockdown in your Django project:
Add 'lockdown' to your INSTALLED_APPS setting.
To enable admin preview of locked-down sites or views with a single password, set the LOCKDOWN_PASSWORD setting to a plain-text password.
To lock down the entire site, add 'lockdown.middleware.LockdownMiddleware' to your INSTALLED_APPS setting. Optionally you may also add URL regular expressions to the LOCKDOWN_URL_EXCEPTIONS setting.
To protect only certain views, apply the lockdown.decorators.lockdown decorator to the views you want to protect.
For more advanced customization of admin preview authorization, see the LOCKDOWN_FORM setting.
Settings
LOCKDOWN_PASSWORD
The plain-text password required to preview a site or views protected by django-lockdown:
LOCKDOWN_PASSWORD = 'letmein'
If neither this setting nor LOCKDOWN_FORM is provided, there will be no admin preview for locked-down pages.
LOCKDOWN_URL_EXCEPTIONS
Optional: a list/tuple of regular expressions to be matched against incoming URLs. If a URL matches a regular expression in this list, it will not be locked:
LOCKDOWN_URL_EXCEPTIONS = (r'^/about/$', # unlock /about/
r'\.json$') # unlock JSON API
LOCKDOWN_FORM
By default, django-lockdown allows admin preview by entering a preset plain-text LOCKDOWN_PASSWORD. To set up more advanced methods of authenticating access to locked-down pages, set LOCKDOWN_FORM to the Python dotted path to a Django Form subclass. This form will be displayed on the lockout page. If the form validates when submitted, the user will be allowed access to locked pages:
LOCKDOWN_FORM = 'path.to.my.CustomLockdownForm'
LOCKDOWN_SESSION_KEY
Once a client is authorized for admin preview, they will continue to be authorized for the remainder of their browsing session (using Django’s built-in session support). LOCKDOWN_SESSION_KEY defines the session key used; the default is 'lockdown-allow'.
Templates
Django-lockdown uses a single template, lockdown/form.html. The default template displays a simple “coming soon” message and the password entry form.
If you override this template, the lockdown preview form is available in the template context as form.
CHANGES
tip (unreleased)
0.1.1 (2009.11.24)
Fix setup.py so tests package is not installed.
0.1 (2009.11.16)
Initial release.
TODO
Once Django 1.2 ships with signed cookies (hopefully), replace contrib.sessions dependency with a signed cookie.
Make session authorization expire if settings are changed (password, custom form)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file django-lockdown-0.1.1.tar.gz.
File metadata
- Download URL: django-lockdown-0.1.1.tar.gz
- Upload date:
- Size: 7.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 82cb2d15154716e9a5a2524641cec2e74bee9a5efa7a2c1895234496fba38b8d |
|
| MD5 | 40a9ab8e92b20513f0caa755217de224 |
|
| BLAKE2b-256 | 19fee92f0833058faa04de1b4f82ecb907f559bf07f8b63310d7f2ecdf49f416 |
