From 5193a234b2bb46e0a1a0e50642c41c46d796480d Mon Sep 17 00:00:00 2001
From: Fredrik Jonsson <frjo@xdeb.org>
Date: Wed, 8 Aug 2018 12:21:20 +0200
Subject: [PATCH] Basic auth to stop access to other than primary hosts.

---
 opentech/settings/production.py | 15 +++++++++++++++
 requirements.txt                |  1 +
 2 files changed, 16 insertions(+)

diff --git a/opentech/settings/production.py b/opentech/settings/production.py
index aa320c10e..c038b7b46 100644
--- a/opentech/settings/production.py
+++ b/opentech/settings/production.py
@@ -144,6 +144,21 @@ if 'LOG_DIR' in env:
     LOGGING['loggers']['django.request']['handlers'].append('errors_file')
     LOGGING['loggers']['django.security']['handlers'].append('errors_file')
 
+# Basic auth to stop access to other than primary hosts.
+
+MIDDLEWARE += [
+    'baipw.middleware.BasicAuthIPWhitelistMiddleware'
+]
+
+if 'BASIC_AUTH_LOGIN' in env:
+    BASIC_AUTH_LOGIN = env['BASIC_AUTH_LOGIN']
+
+if 'BASIC_AUTH_PASSWORD' in env:
+    BASIC_AUTH_PASSWORD = env['BASIC_AUTH_PASSWORD']
+
+if 'BASIC_AUTH_WHITELISTED_HTTP_HOSTS' in env:
+    BASIC_AUTH_WHITELISTED_HTTP_HOSTS = env['BASIC_AUTH_WHITELISTED_HTTP_HOSTS'].split(',')
+
 django_heroku.settings(locals())
 
 try:
diff --git a/requirements.txt b/requirements.txt
index 55895a597..187e76e35 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -29,6 +29,7 @@ django_select2==6.0.1
 
 # Production dependencies
 dj-database-url==0.5.0
+django-basic-auth-ip-whitelist==0.2.1
 django-heroku==0.3.1
 whitenoise==3.3.1
 gunicorn==19.9.0
-- 
GitLab