Site in development on appspot domain - restrict access to developers


Matt Bushell

Aug 27, 2014, 11:13:44 AM
to google-a...@googlegroups.com
Hi there,

I am carrying out my first GAE project, and I was wondering if there is a way to restrict any old user from accessing the site while it is in development (with regular code merges from developers being deployed to GAE, riddled with bugs and non-functional in general).

The old way being to either restrict access using Apache htaccess and password magic or simply not having a site visible to the public during development, only on LAN and via VPN for remote client review.

I have googled around and searched the forum but yielded no results other than how to integrate the Google Auth APIs for an actual live site.

Thanks

Renzo Nuccitelli

Aug 27, 2014, 3:53:35 PM
to google-a...@googlegroups.com
Hi,

One possibility is setting up your configuration file so only admins can access your application. See:


 Regards,
 Renzo Nuccitelli

Chad Vincent

Aug 27, 2014, 5:04:41 PM
to google-a...@googlegroups.com
You also can set up an IP whitelist, if all your developers have static IPs or come from a controlled block.

Could also set up a "holding" page as the default version, and have everyone test using a specific-version URI. 

Adam Wildavsky

Aug 29, 2014, 1:17:28 AM
to google-a...@googlegroups.com
What I do is require Google authentication and then check the user's email address and domain against a whitelist. I had some trouble at first because GMail addresses ignore internal periods, so for instance ad...@gmail.com and ada...@gmail.com are the same address. In fact they are also the same as ad...@googlemail.com, but I haven't worried about that case yet. I wrapped this into a class that all my request handlers descend from:

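import logging

import webapp2
from google.appengine.api import users

# JINJA_ENVIRONMENT, WHITELISTED_DOMAINS and WHITELISTED_ADDRESSES are
# assumed to be module-level values defined elsewhere in the application.

class MyPage(webapp2.RequestHandler):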
    def validate_user(self, page_template):
        template = JINJA_ENVIRONMENT.get_template('under_construction.html')

        if users.get_current_user():
            url = users.create_logout_url(self.request.uri)
            url_linktext = 'Logout'

            email = users.get_current_user().email()
            # pylint: disable=unused-variable
            address, domain = email.split("@")
            canonical_address = address.replace('.', '')
            canonical_email = canonical_address + '@' + domain

            if (domain in WHITELISTED_DOMAINS or
                    canonical_email in WHITELISTED_ADDRESSES):
                template = JINJA_ENVIRONMENT.get_template(page_template)
            else:
                logging.info('Login disallowed for: %s', email)
        else:
            url = users.create_login_url(self.request.uri)
            url_linktext = 'Login'

        template_values = {
            'url': url,
            'url_linktext': url_linktext,
        }

        return template, template_values

Each concrete request handler begins something like this:

    def get(self):
        template, template_values = self.validate_user(PAGE_TEMPLATE)

Suggestions for improvement are welcome!
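
A stand-alone version of the canonicalize-then-compare allowlist check described in the post above, added here as an example and not code from the thread. It goes a little further than the post: period-stripping is limited to Gmail domains, googlemail.com is folded into gmail.com, and malformed addresses are rejected. The function names and sample allowlist entries are constructed, and case-insensitive comparison is an assumption.

```python
# Added example: function names and sample entries are constructed.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(email):
    """Return a canonical form of email, or None if it is malformed."""
    # Assumption: addresses are compared case-insensitively.
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    if domain in GMAIL_DOMAINS:
        # Gmail ignores internal periods and googlemail.com is an alias of
        # gmail.com, so fold both into a single spelling. Other domains keep
        # their periods: a.b@ and ab@ may be different mailboxes there.
        local = local.replace(".", "")
        domain = "gmail.com"
    return local + "@" + domain


def build_allowlist(addresses):
    """Canonicalize configured entries once so lookups compare like with like."""
    canon = set()
    for entry in addresses:
        value = canonical_email(entry)
        if value is None:
            raise ValueError("malformed allowlist entry: %r" % (entry,))
        canon.add(value)
    return frozenset(canon)


def is_allowed(email, allowed_domains, allowed_addresses):
    """Fail closed: malformed, missing or unknown addresses are rejected."""
    canon = canonical_email(email or "")
    if canon is None:
        return False
    domain = canon.rpartition("@")[2]
    # Exact domain match only, so sub.example.com does not inherit example.com.
    return domain in allowed_domains or canon in allowed_addresses


# Constructed sample configuration.
ALLOWED_DOMAINS = frozenset({"example.com"})
ALLOWED_ADDRESSES = build_allowlist(["Jane.Dev@gmail.com", "a.b@example.org"])
```

In a request handler, the value passed to `is_allowed` would be the signed-in user's email, and a `False` result should end the request before any page logic runs.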
