Presenting Django Password Required
Monday, June 158th, 2010
Have you ever wanted to password-protect your Django-site, without requiring user registration, do you find HTTP Basic Auth to be a very blunt instrument for protecting sites or do you want to do StackOverflow style beta-testing?
Then Django Password Required is for you. It provides a simple
@password_required decorator for your views, and lets you configure a
password in your settings.py file. The authentication is stored in the
user’s session data, using Django’s own session system. This means that
Django Password Required can co-exist with
so you can allow users to log in after they’ve provided the password to
access the site.
I use it for a little skunkworks project that does not have user logins per se, but since it is not open to the public yet, I need to protect it, at least from webspiders and random visitors. I don’t mind if the password is spread by word-of-mouth, since the site contains nothing sensitive or private.
Initially I used HTTP Basic Auth, but setting that up with Apache is an all-or-nothing deal, requires you to enter the password quite often on iPhone/iPad, and interferes with AJAX requests/API calls. So I created this lightweight app, so as to require a password, store that the user is logged in via a cookie bound to a server-side session, with a long lifetime so you won’t get nagged for the password very often.
Bug reports/suggestions, documentation, source code, etc. It all happens on Github. Enjoy.
My name is Mikkel Høgh, I've worked with web tech for the last 20 years. These days, I work with e-commerce in Central Switzerland.