{"id":13467976,"url":"https://github.com/Dunedan/django-lockdown","last_synced_at":"2025-03-26T03:31:22.027Z","repository":{"id":734972,"uuid":"384853","full_name":"Dunedan/django-lockdown","owner":"Dunedan","description":"Lock down a Django site or individual views, with configurable preview authorization","archived":false,"fork":false,"pushed_at":"2024-02-21T09:54:45.000Z","size":269,"stargazers_count":148,"open_issues_count":3,"forks_count":20,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-20T17:14:41.353Z","etag":null,"topics":["django","django-application","django-middleware","lockdown","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Dunedan.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGES.rst","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.rst","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2009-11-25T05:16:42.000Z","updated_at":"2025-01-21T18:46:15.000Z","dependencies_parsed_at":"2024-06-18T19:48:42.505Z","dependency_job_id":"159a4c16-a817-4149-b92a-99e8aedabbe4","html_url":"https://github.com/Dunedan/django-lockdown","commit_stats":{"total_commits":208,"total_committers":8,"mean_commits":26.0,"dds":0.3125,"last_synced_commit":"be8224ecbca2a7f39f9d0d0c84fe6921fb1fed83"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dunedan%2Fdjango-lockdown","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dunedan%2Fdjango-lockdown/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dunedan%2Fdjango-lockdown/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dunedan%2Fdjango-lockdown/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Dunedan","download_url":"https://codeload.github.com/Dunedan/django-lockdown/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245584778,"owners_count":20639628,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["django","django-application","django-middleware","lockdown","python"],"created_at":"2024-07-31T15:01:03.523Z","updated_at":"2025-03-26T03:31:21.154Z","avatar_url":"https://github.com/Dunedan.png","language":"Python","funding_links":[],"categories":["Python","Libs"],"sub_categories":["Other"],"readme":"===============\ndjango-lockdown\n===============\n\n.. image:: https://github.com/Dunedan/django-lockdown/workflows/CI/badge.svg\n    :target: https://github.com/Dunedan/django-lockdown/actions\n    :alt: Build Status\n.. image:: https://coveralls.io/repos/Dunedan/django-lockdown/badge.svg\n    :target: https://coveralls.io/r/Dunedan/django-lockdown\n    :alt: Test Coverage\n.. image:: https://img.shields.io/pypi/v/django-lockdown.svg\n    :target: https://pypi.org/project/django-lockdown/\n    :alt: Latest Version\n\n``django-lockdown`` is a reusable Django application for locking down an entire\nsite (or particular views), with customizable date ranges and preview\nauthorization.\n\nInstallation\n============\n\nInstall from PyPI with ``easy_install`` or ``pip``::\n\n    pip install django-lockdown\n\nTo use ``django-lockdown`` in your Django project:\n\n1. Add ``'lockdown'`` to your ``INSTALLED_APPS``.\n   If you want to use one of ``django-lockdowns`` default lock down forms,\n   you'll additionally have to ensure that you have enabled\n   ``django.contrib.auth`` as part of to your ``INSTALLED_APPS``.\n\n2. To enable admin preview of locked-down sites or views with\n   passwords, set the `LOCKDOWN_PASSWORDS`_ setting to a tuple of one or\n   more plain-text passwords.\n\n3. Protect the entire site by using middleware, or protect individual views\n   by applying a decorator to them.\n       \nFor more advanced customization of admin preview authorization, see\nthe `LOCKDOWN_FORM`_ setting.\n\nDependencies\n------------\n\n``django-lockdown`` requires `Python`_ 3.6 or later and `Django`_ 2.2 or later.\n\nAs an alternative to CPython `PyPy`_ 3.5 and 3.6 are supported as well.\n\n.. _Python: https://www.python.org/\n.. _Django: https://www.djangoproject.com/\n.. _PyPy: https://pypy.org/\n\nUsage\n=====\n\nUsing the middleware\n--------------------\n\nTo lock down the entire site, add the lockdown middleware to your middlewares::\n\n    MIDDLEWARE = [\n        # ...\n        'lockdown.middleware.LockdownMiddleware',\n    ]\n\nOptionally, you may also add URL regular expressions to a\n`LOCKDOWN_URL_EXCEPTIONS`_ setting.\n\nUsing the decorator\n-------------------\n\n- Import the decorator::\n\n    from lockdown.decorators import lockdown\n\n- Apply the decorator to individual views you want to protect. For example::\n\n    @lockdown()\n    def secret_page(request):\n        # ...\n\nThe decorator accepts seven arguments:\n\n``form``\n  The form to use for providing an admin preview, rather than the form\n  referenced by `LOCKDOWN_FORM`_. Note that this must be an actual form class,\n  not a module reference like the setting.\n\n``until_date``\n  The date to use rather than the date provided by `LOCKDOWN_UNTIL`_.\n\n``after_date``\n  The date to use rather than the date provided by `LOCKDOWN_AFTER`_.\n\n``logout_key``\n  A preview logout key to use, rather than the one provided by\n  `LOCKDOWN_LOGOUT_KEY`_.\n\n``session_key``\n  The session key to use, rather than the one provided by\n  `LOCKDOWN_SESSION_KEY`_.\n \n``url_exceptions``\n  A list of regular expressions for which matching urls can bypass the lockdown\n  (rather than using those defined in `LOCKDOWN_URL_EXCEPTIONS`_).\n\n``remote_addr_exceptions``\n A list of IP-addresses or IP-subnets for which matching URLs can bypass the\n lockdown (rather than using those defined in\n `LOCKDOWN_REMOTE_ADDR_EXCEPTIONS`_).\n\n``extra_context``\n  A dictionary of context data that will be added to the default context data\n  passed to the template.\n\nAny further keyword arguments are passed to the admin preview form. The default\nform accepts one argument:\n\n``passwords``\n  A tuple of passwords to use, rather than the ones provided by\n  `LOCKDOWN_PASSWORDS`_.\n\n\nSettings\n========\n\nLOCKDOWN_ENABLED\n----------------\n\nAn optional boolean value that, if set to False, disables\n``django-lockdown`` globally. Defaults to True (lock down enabled).\n\n\nLOCKDOWN_PASSWORDS\n------------------\n\nOne or more plain-text passwords which allow the previewing of the site or\nviews protected by django-lockdown::\n\n    LOCKDOWN_PASSWORDS = ('letmein', 'beta')\n\nIf this setting is not provided (and the default `LOCKDOWN_FORM`_ is being\nused), there will be no admin preview for locked-down pages.\n\nIf a `LOCKDOWN_FORM`_ other than the default is used, this setting has no\neffect.\n\nLOCKDOWN_URL_EXCEPTIONS\n-----------------------\n\nAn optional list/tuple of regular expressions to be matched against incoming\nURLs. If a URL matches a regular expression in this list, it will not be\nlocked. For example::\n\n    LOCKDOWN_URL_EXCEPTIONS = (\n        r'^/about/$',   # unlock /about/\n        r'\\.json$',   # unlock JSON API\n    )\n\nLOCKDOWN_VIEW_EXCEPTIONS\n------------------------\n\nAn optional list of regular expressions to be matched against the\nresolved views of incoming requests. If the URL of an incoming request\nresolves to one of the views in the list, it will not be locked.\nThat's useful if you want to lock down a whole site using the middleware,\nbut want to whitelist some localized URLs.\n\nFor example::\n\n    from yourapp import one_view_to_unlock, another_view_to_unlock\n\n    LOCKDOWN_VIEW_EXCEPTIONS = [\n        one_view_to_unlock,\n        another_view_to_unlock\n    ]\n\nLOCKDOWN_REMOTE_ADDR_EXCEPTIONS\n-------------------------------\n\nAn optional list of IP-addresses or IP-subnets to be matched against the\nrequesting IP-address (from `requests.META['REMOTE_ADDR']`). If the\nrequesting IP-address is in this list, it will not be locked. For example::\n\n    LOCKDOWN_REMOTE_ADDR_EXCEPTIONS = [\n        '127.0.0.1',\n        '::1',\n    ]\n\nLOCKDOWN_TRUSTED_PROXIES\n-------------------------------\n\nA list of trusted proxy IP-addresses to be used in conjunction with \n`LOCKDOWN_REMOTE_ADDR_EXCEPTIONS` when a reverse-proxy or load balancer is used.\nIf the requesting IP address is from the trusted proxies list the last address from \nthe `X-Forwared-For` header (from `requests.META['HTTP_X_FORWARDED_FOR']`) will be \nchecked against `LOCKDOWN_REMOTE_ADDR_EXCEPTIONS` and locked or unlocked accordingly.\n\nFor example::\n\n    LOCKDOWN_TRUSTED_PROXIES = [\n        '172.17.0.1',\n    ]\n    \n    LOCKDOWN_REMOTE_ADDR_EXCEPTIONS = [\n        '172.17.0.5',\n    ]\n\nLOCKDOWN_UNTIL\n--------------\n\nUsed to lock the site down up until a certain date. Set to a\n``datetime.datetime`` object.\n\nIf neither ``LOCKDOWN_UNTIL`` nor `LOCKDOWN_AFTER`_ is provided (the default),\nthe site or views will always be locked.\n\nLOCKDOWN_AFTER\n--------------\n\nUsed to lock the site down after a certain date. Set to a ``datetime.datetime``\nobject.\n\nSee also: `LOCKDOWN_UNTIL`_.\n\nLOCKDOWN_LOGOUT_KEY\n-------------------\n\nA key which, if provided in the query string of a locked URL, will log out the\nuser from the preview. \n\nLOCKDOWN_FORM\n-------------\n\nThe default lockdown form allows admin preview by entering a preset\nplain-text password (checked, by default, against the `LOCKDOWN_PASSWORDS`_\nsetting). To set up more advanced methods of authenticating access to\nlocked-down pages, set ``LOCKDOWN_FORM`` to the Python dotted path to a Django\n``Form`` subclass. This form will be displayed on the lockout page. If the form\nvalidates when submitted, the user will be allowed access to locked pages::\n\n    LOCKDOWN_FORM = 'path.to.my.CustomLockdownForm'\n    \nA form for authenticating against ``django.contrib.auth`` users is provided\nwith django-lockdown (use ``LOCKDOWN_FORM = 'lockdown.forms.AuthForm'``). It\naccepts two keyword arguments (in the ``lockdown`` decorator):\n\n``staff_only``\n  Only allow staff members to preview. Defaults to ``True`` (but the default\n  can be provided as a `LOCKDOWN_AUTHFORM_STAFF_ONLY`_ setting).\n\n``superusers_only``\n  Only allow superusers to preview. Defaults to ``False`` (but the default\n  can be provided as a `LOCKDOWN_AUTHFORM_SUPERUSERS_ONLY`_ setting).\n\nLOCKDOWN_AUTHFORM_STAFF_ONLY\n----------------------------\n\nIf using ``lockdown.forms.AuthForm`` and this setting is ``True``, only staff\nusers will be allowed to preview (True by default).\n\nHas no effect if not using ``lockdown.forms.AuthForm``.\n\nLOCKDOWN_AUTHFORM_SUPERUSERS_ONLY\n---------------------------------\n\nIf using ``lockdown.forms.AuthForm`` and this setting is ``True``, only\nsuperusers will be allowed to preview (False by default). Has no effect if not\nusing ``lockdown.forms.AuthForm``.\n\nLOCKDOWN_SESSION_KEY\n--------------------\n\nOnce a client is authorized for admin preview, they will continue to\nbe authorized for the remainder of their browsing session (using\nDjango's built-in session support). ``LOCKDOWN_SESSION_KEY`` defines\nthe session key used; the default is ``'lockdown-allow'``.\n\n\nTemplates\n=========\n\n``django-lockdown`` uses a single template, ``lockdown/form.html``. The\ndefault template displays a simple \"coming soon\" message and the\npreview authorization form, if a password via `LOCKDOWN_PASSWORDS`_ is set.\n\nIf you want to use a different template, you can use Djangos template\n`loaders`_ to specify a path inside your project to search for templates,\nbefore searching for templates included in ``django-lockdown``.\n\nIn your overwritten template the lockdown preview form is available in the\ntemplate context as ``form``.\n\n.. _loaders: https://docs.djangoproject.com/en/2.1/ref/templates/api/#template-loaders\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDunedan%2Fdjango-lockdown","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FDunedan%2Fdjango-lockdown","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDunedan%2Fdjango-lockdown/lists"}