Basic auth middleware

[symroe]

Basic auth middleware that's enabled if it thinks it's in the correct DC environment.

This will globally restrict the site. I think we might want an allow list for some paths in future (e.g, an API endpoint that already has authentication on it), but this is a decent MVP I think.

[chris48s]

I think we do need the allow list for MVP. As well as API endpoints, you also need to be able to disable this on whatever URL the load balancer uses for its health check endpoint.

Otherwise

• the instance will come up
• the load balancer will get 10 401s in a row
• the instance will shut down

..and now you're in a reboot loop.

Some other things to consider:

Some older DC apps still have some residual code knocking about from before when we did this with django-basicauth. For example:

• https://github.com/DemocracyClub/UK-Polling-Stations/blob/b1168341e2d26955b256f7d77d4b66a89b387fbd/requirements/base.in#L5
• https://github.com/DemocracyClub/UK-Polling-Stations/blob/b1168341e2d26955b256f7d77d4b66a89b387fbd/polling_stations/apps/pollingstations/middleware.py
• https://github.com/DemocracyClub/UK-Polling-Stations/blob/b1168341e2d26955b256f7d77d4b66a89b387fbd/polling_stations/settings/base.py#L113
• https://github.com/DemocracyClub/UK-Polling-Stations/blob/b1168341e2d26955b256f7d77d4b66a89b387fbd/polling_stations/settings/base.py#L293-L296
• https://github.com/DemocracyClub/EveryElection/blob/d49959b2270777ca25302836fa8e2fce52e3528b/every_election/settings/base.py#L277-L279 etc

I think it is reasonable to implement this as a shared middleware in dc_django_utils to standardise it, but when we roll it out we need to be conscious to do the necessary cleanup as part of that job.

[symroe]

Yeah, good point. Added in a new commit,

[chris48s]

Build is failing due to lint errors and I've suggested one more test case. Once you've done those two, I reckon it is good to merge :+1:

[symroe]

Thanks, both done. I'll wait for the build and then merge and publish a new release