6

How would you implement simple password protection on a Google App Engine application? No users authentication, just simple requirement to enter a password in order to open specific page. The other requirement is that the target page should not be displayed if its URL is entered directly.

I'm looking for a solution using Python.

Marek Stój
  • 4,075
  • 6
  • 49
  • 50

2 Answers2

5

If you're protecting a single page and need no session persistence.

class MainPage(webapp.RequestHandler):
    def post(self):
        if self.request.get('user') == 'admin' and self.request.get('pass') == 'soopersecure':
            self.response.out.write('authorized');
        else:
            self.response.out.write("""
<form method="post">
<input type="text" name="user"/>
<input type="password" name="pass"/>
<input type="submit" value="login"/>
</form>""")

Otherwise you could hash the username + salt and hand it to user as a session ID in a cookie and store that session ID into the datastore. Much simpler to use Google accounts though.

http://code.google.com/appengine/docs/python/gettingstarted/usingusers.html

Novikov
  • 4,399
  • 3
  • 28
  • 36
  • Thanks, it might be the simplest way to return a specific view after user enters correct password. I was thinking though about making a redirect to another section of the site which can contain multiple pages. I think a cookie may be the answer here. – Marek Stój Sep 27 '10 at 18:51
1

If you want to restrict access for the entire app, use URL handler with "login" setting

Check - User and Administrator Login

akjain
  • 1,787
  • 3
  • 20
  • 35