Mikkel Høgh

Coding the web since 1999

07 Jun 2010

Presenting Django Password Required

Have you ever wanted to password-protect your Django-site, without requiring user registration, do you find HTTP Basic Auth to be a very blunt instrument for protecting sites or do you want to do StackOverflow style beta-testing?

Then Django Password Required is for you. It provides a simple @password_required decorator for your views, and lets you configure a password in your settings.py file. The authentication is stored in the user’s session data, using Django’s own session system. This means that Django Password Required can co-exist with django.contrib.auth, so you can allow users to log in after they’ve provided the password to access the site.

I use it for a little skunkworks project that does not have user logins per se, but since it is not open to the public yet, I need to protect it, at least from webspiders and random visitors. I don’t mind if the password is spread by word-of-mouth, since the site contains nothing sensitive or private.

Initially I used HTTP Basic Auth, but setting that up with Apache is an all-or-nothing deal, requires you to enter the password quite often on iPhone/iPad, and interferes with AJAX requests/API calls. So I created this lightweight app, so as to require a password, store that the user is logged in via a cookie bound to a server-side session, with a long lifetime so you won’t get nagged for the password very often.

Bug reports/suggestions, documentation, source code, etc. It all happens on Github. Enjoy.