[Solved]-Making a beta code for a public django site

You can probably restrict access to the entire site via apache with htaccess, taking the problem out of the django’s project space entirely.

Do what StackOverflow did.

They had a simple email/password form. It had a single hard-coded password (falkensmaze). When the user gets the password right set a cookie. eg. auth=1

Don’t worry about it being unsecure. Who care’s if someone hacks into the beta?

Apache/htaccess is also a nice and simple solution.

You should be able to add @login_required decorators across the board and be done with it. Unless you have a boat-load of view functions, it shouldn’t be too horrible.

I’m not sure what version of the Pinax code you’re using, but they’ve built in the ability to close the site off for a private beta so you don’t need to do much work yourself.

The link to the specific project template for a private beta site is here: http://github.com/pinax/pinax/tree/3ad73d1ba44f37365333bae17b507668b0eb7e16/pinax/projects/private_beta_project although I think they might have since added that functionality to all the project templates.

Great snippet but it resulted lots of problems for me related OpenId sessions. So I end up relying on Cookies instead of the Session:

class BetaMiddleware(object):
    """
    Require beta code cookie key in order to view any page.
    """
    set_beta = False
    def process_request(self, request):
        referer = request.META.get('HTTP_REFERER', '')

        if request.method == 'GET' and not 'is_in_beta' in request.COOKIES:
            return HttpResponseRedirect('%s?next=%s' % ('/beta/', request.path))

        if request.method == 'POST' and 'pass' in request.POST:
            code = request.POST['pass']

            if code=='beta':
                self.set_beta = True
                return HttpResponseRedirect('%s' % '/')

    def process_response(self, request, response):        

        if self.set_beta is True:
            response.set_cookie('is_in_beta', '1')
        return response

It’s not secure but that’s enough for me. This also works with just a beta html page.

use this middleware:

class BetaForm(Form):
    beta_pass = CharField(required=True)

    def clean_beta_pass(self):
        data = self.cleaned_data['beta_pass']
        if data != settings.BETA_PASS:
            raise forms.ValidationError("Invalid Beta pass!")
        return data


class BetaView(FormView):
    form_class = BetaForm
    template_name = "beta.html"

    def form_valid(self, form):
        response = HttpResponseRedirect(self.request.GET.get("next", "/"))
        response.set_cookie(settings.BETA_PASS, '')
        return response


def beta_middleware(get_response):
    def middleware(request):

        if request.path == reverse("beta"):
            return get_response(request)
        else:
            if settings.BETA_PASS in request.COOKIES:
                return get_response(request)
            else:
                return HttpResponseRedirect(
                    '%s?%s' % (reverse("beta"), urlencode({"next": request.get_full_path()})))
    return middleware

this template:

<!doctype html>
<title>Welcome to the beta!</title>
<style>
  body { text-align: center; padding: 150px; }
  h1 { font-size: 50px; }
  body { font: 20px Helvetica, sans-serif; color: #333; }
  article { display: block; text-align: left; width: 650px; margin: 0 auto; }
  a { color: #dc8100; text-decoration: none; }
  a:hover { color: #333; text-decoration: none; }
</style>

<article>

    <h1>>Welcome to the beta lucky user!</h1>
    <div>
        <form method="POST">
            {% csrf_token %}
            {{form}}
            <input type="submit">
        </form>
    </div>
</article>

this settings:

BETA_PASS="beta"

this path:

path("beta",BetaView.as_view(),name="beta"),