A simple Django reusable application for locking down an entire site (or particular views), with customizable date ranges and preview authorization.


Install from PyPI with easy_install or pip:

pip install django-lockdown

or get the in-development version:

pip install django-lockdown==dev

To use django-lockdown in your Django project:

  1. Add 'lockdown' to your INSTALLED_APPS setting.
  2. To enable admin preview of locked-down sites or views with passwords, set the LOCKDOWN_PASSWORDS setting to a tuple of one or more plain-text passwords.
  3. Protect the entire site by using middleware, or protect individual views by applying a decorator to them.

For more advanced customization of admin preview authorization, see the LOCKDOWN_FORM setting.

Using the middleware

To lock down the entire site, add the lockdown middleware to your MIDDLEWARE_CLASSES setting:

    # ...

Optionally, you may also add URL regular expressions to a LOCKDOWN_URL_EXCEPTIONS setting.

Using the decorator

Apply the decorator to individual views you want to protect. For example:

def secret_page(request):
    # ...

The decorator accepts four arguments:

The form to use for providing an admin preview, rather than the form referenced by settings.LOCKDOWN_FORM. Note that this must be an actual form class, not a module reference like the setting.
The date to use rather than the date provided by settings.LOCKDOWN_UNTIL.
The date to use rather than the date provided by settings.LOCKDOWN_AFTER.
A preview logout key to use, rather than the one provided by settings.LOCKDOWN_LOGOUT_KEY.
The session key to use, rather than the one provided by settings.LOCKDOWN_SESSION_KEY.
A list of regular expressions for which matching urls can bypass the lockdown (rather than using those defined in settings.LOCKDOWN_URL_EXCEPTIONS).

Any further keyword arguments are passed to the admin preview form. The default form accepts one argument:

A tuple of passwords to use, rather than the ones provided by settings.LOCKDOWN_PASSWORDS.



One or more plain-text passwords which allow the previewing of the site or views protected by django-lockdown:

LOCKDOWN_PASSWORDS = ('letmein', 'beta')

If this setting is not provided (and the default LOCKDOWN_FORM is being used), there will be no admin preview for locked-down pages.


An optional list/tuple of regular expressions to be matched against incoming URLs. If a URL matches a regular expression in this list, it will not be locked. For example:

    r'^/about/$',   # unlock /about/
    r'\.json$',   # unlock JSON API


Used to lock the site down up until a certain date. Use a datetime.datetime object.

If neither LOCKDOWN_UNTIL or LOCKDOWN_AFTER is provided (i.e. the default), the site or views will always be locked.


Used to lock the site down after a certain date. Use a datetime.datetime object.



A key which, if provided in the querystring of a locked URL, will log out the user from the preview.


The default lockdown form allows admin preview by entering a preset plain-text password (checked, by default, against the LOCKDOWN_PASSWORDS setting). To set up more advanced methods of authenticating access to locked-down pages, set LOCKDOWN_FORM to the Python dotted path to a Django Form subclass. This form will be displayed on the lockout page. If the form validates when submitted, the user will be allowed access to locked pages:

LOCKDOWN_FORM = 'path.to.my.CustomLockdownForm'

A form for authenticating against django.contrib.auth users is provided with django-lockdown (use LOCKDOWN_FORM = 'lockdown.forms.AuthForm'). It has two keyword arguments which can be passed (in the lockdown decorator):

Only allow staff members to preview. Defaults to True (but the default can be provided as a LOCKDOWN_AUTHFORM_STAFF_ONLY setting).
Only allow superusers to preview. Defaults to False (but the default can be provided as a LOCKDOWN_AUTHFORM_SUPERUSERS_ONLY setting).


Once a client is authorized for admin preview, they will continue to be authorized for the remainder of their browsing session (using Django's built-in session support). LOCKDOWN_SESSION_KEY defines the session key used; the default is 'lockdown-allow'.


Django-lockdown uses a single template, lockdown/form.html. The default template displays a simple "coming soon" message and the password entry form.

If you override this template, the lockdown preview form is available in the template context as form.