Metadata-Version: 2.0
Name: django-basic-auth-ip-whitelist
Version: 0.2
Summary: Hide your Django site behind basic authentication mechanism with IP whitelisting support.
Home-page: https://gitlab.com/tmkn/django-basic-auth-ip-whitelist
Author: Tomasz Knapik
Author-email: me@tmkn.org
License: BSD 2-Clause License
Keywords: django,basic,authentication,auth,ip,whitelist,whitelisting,http
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: License :: OSI Approved
Classifier: License :: OSI Approved :: BSD License
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: Django
Classifier: Framework :: Django :: 1.11
Classifier: Framework :: Django :: 2.0
Requires-Dist: Django (>=1.11,<=2.2)

django-basic-auth-ip-whitelist
==============================

This simple package ships middleware that lets you to set basic auth and
IP whitelisting via settings.

Use case
--------

This package has been created in mind for staging and demo sites that
need to be completely hidden from the Internet behind a password or IP
range.

Requirements
------------

-  Django 1.11 or 2.0
-  Python 3.4, 3.5, 3.6

Installation
------------

The package is on
`PyPI <https://pypi.org/project/django-basic-auth-ip-whitelist/>`__.

.. code:: sh

   pip install django-basic-auth-ip-whitelist

Configuration
-------------

In your Django settings you can configure the following settings.

``BASIC_AUTH_LOGIN`` and ``BASIC_AUTH_PASSWORD``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credentials that you want to use with your basic authentication.

``BASIC_AUTH_WHITELISTED_IP_NETWORKS``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Set a list of network ranges (strings) compatible with Python’s
`ipaddress.ip_network <https://docs.python.org/3.6/library/ipaddress.html#ipaddress.ip_network>`__
that you want to be able to access the website without authentication
from. It must be either a string with networks separated by comma or
Python iterable.

``BASIC_AUTH_REALM``
~~~~~~~~~~~~~~~~~~~~

String specifying the realm of the default response.

Example settings
~~~~~~~~~~~~~~~~

.. code:: python

   MIDDLEWARE += [
       'baipw.middleware.BasicAuthIPWhitelistMiddleware'
   ]
   BASIC_AUTH_LOGIN = 'somelogin'
   BASIC_AUTH_PASSWORD = 'greatpassword'
   BASIC_AUTH_WHITELISTED_IP_NETWORKS = [
       '192.168.0.0/28',
       '2001:db00::0/24',
   ]

Advanced customisation
----------------------

Getting IP
~~~~~~~~~~

If you want to have a custom behaviour when getting IP, you can create a
custom function that takes request as a parameter and specify path to it
in the ``BASIC_AUTH_GET_CLIENT_IP_FUNCTION`` settings, e.g.

.. code:: python

   BASIC_AUTH_GET_CLIENT_IP_FUNCTION = 'utils.ip.get_client_ip'


``BASIC_AUTH_WHITELISTED_HTTP_HOSTS``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Set a list of hosts that your website will be open to without basic
authentication. This is useful if your website is hosted under multiple domains
and you want only one of them to be publicly visible, e.g. by search engines.

**This is by no means a security feature. Please do not use to secure your
site.**

.. code:: python

   BASIC_AUTH_WHITELISTED_HTTP_HOSTS = [
       'your-public-domain.com',
   ]

``BASIC_AUTH_RESPONSE_TEMPLATE``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want to display a different template on the 401 page, please use this
setting to point at the template.

.. code:: python

   BASIC_AUTH_RESPONSE_TEMPLATE = '401.html'


``BASIC_AUTH_RESPONSE_CLASS``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want to specify custom response class, you can do so with this setting.
Provide the path as a string.

.. code:: python

   BASIC_AUTH_RESPONSE_CLASS = 'yourmodule.response.CustomUnathorisedResponse'

Skip middleware
~~~~~~~~~~~~~~~

You can skip the middleware by setting
`_skip_basic_auth_ip_whitelist_middleware_check` attribute on the request to
`True`.

.. code:: python

   setattr(request, '_skip_basic_auth_ip_whitelist_middleware_check', True)


This may be handy if you have other middleware that you want to have
co-existing different middleware that restrict access to the website.


