Page MenuHomePhabricator
Create Task
Maniphest T245268

Block /admin login page in production & staging
Closed, ResolvedPublic
Actions

Description

There's no reason to make Django's /admin login page available to users in the Production or Staging environments. Staff are already authenticated, and/or can be added via command line by users with server access. No one should need to log in via /admin directly, so we shouldn't even let users try.

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT240169 Improve staff workflows
 ResolvedNirmalaSainsaraT245268 Block /admin login page in production & staging

Event Timeline

Samwalton9-WMF triaged this task as Low priority.Feb 14 2020, 1:55 PM
Samwalton9-WMF created this task.
Samwalton9-WMF moved this task from Incoming tasks to Open tasks on the Library-Card-Platform board.Jun 5 2020, 10:35 AM
NirmalaSainsara claimed this task.Oct 29 2020, 3:46 PM
NirmalaSainsara added a comment.Oct 29 2020, 3:48 PM

I have done some research on this and will raise a pull request soon

NirmalaSainsara added a comment.Oct 31 2020, 11:36 AM

just raise a pull request https://github.com/WikipediaLibrary/TWLight/pull/555

Samwalton9-WMF added a project: The-Wikipedia-Library (Kanban).Oct 31 2020, 11:47 AM
Samwalton9-WMF moved this task from Ready to Review on the The-Wikipedia-Library (Kanban) board.
jsn.sherman moved this task from Review to Reviewed (waiting for changes) on the The-Wikipedia-Library (Kanban) board.Nov 5 2020, 6:54 PM
Samwalton9-WMF moved this task from Reviewed (waiting for changes) to Review on the The-Wikipedia-Library (Kanban) board.Nov 18 2020, 3:15 PM
jsn.sherman moved this task from Review to Reviewed (waiting for changes) on the The-Wikipedia-Library (Kanban) board.Dec 7 2020, 2:58 PM
Samwalton9-WMF added a comment.Jan 11 2021, 2:30 PM

@NirmalaSainsara You have some feedback in your PR, do you need anything else from us to continue with this?

NirmalaSainsara added a comment.Jan 14 2021, 1:51 AM

Hey sorry for the delay I will get back on it before this weekend.

Samwalton9-WMF moved this task from Reviewed (waiting for changes) to Review on the The-Wikipedia-Library (Kanban) board.Jan 20 2021, 2:59 PM
jsn.sherman moved this task from Review to Reviewed (waiting for changes) on the The-Wikipedia-Library (Kanban) board.Jan 22 2021, 2:12 PM
jsn.sherman moved this task from Reviewed (waiting for changes) to Done on the The-Wikipedia-Library (Kanban) board.Jan 28 2021, 3:52 PM
jsn.sherman subscribed.

merged!

NirmalaSainsara added a comment.Jan 29 2021, 1:59 AM

Oh, that's great. Thanks

Samwalton9-WMF added a comment.Jan 29 2021, 9:37 AM

I still seem to be able to navigate to https://wikipedialibrary.wmflabs.org/admin/login/ and see the login page.

NirmalaSainsara added a comment.Jan 29 2021, 2:13 PM

oh, maybe the new merged changes are not deployed yet.

Samwalton9-WMF moved this task from Done to In Progress on the The-Wikipedia-Library (Kanban) board.Feb 3 2021, 3:18 PM

@jsn.sherman suspects this is simply an issue of the nginx config line being at the bottom of the file rather than the top. Testing.

jsn.sherman added a comment.Feb 3 2021, 7:25 PM

turns out the issue was an oversight in our deployment pipeline:
the change was correctly implemented, but our deployment script doesn't pick up and deploy nginx config changes. They have just been super rare to date.

Samwalton9-WMF closed this task as Resolved.Feb 4 2021, 11:33 AM
Samwalton9-WMF moved this task from In Progress to Done on the The-Wikipedia-Library (Kanban) board.

Confirmed this is now working as expected.

NirmalaSainsara added a comment.Feb 10 2021, 7:46 AM

cool 😀

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits