configure password via env var

.env.example

@@ -5,6 +5,7 @@ ODOO_USERNAME=CHANGEME
 ODOO_PASSWORD=CHANGEME
 BROKER_USERNAME=broker
 BROKER_PASSWORD=CHANGEME
+CSP_CALCULATOR_PASSWORD=servala2025
 ALLOWED_HOSTS=localhost,127.0.0.1
 SECRET_KEY="django-insecure-CHANGEME"
 ODOO_LEAD_CAMPAIGN_ID=6

hub/services/templates/calculator/password_form.html

@@ -17,12 +17,13 @@
 
                     {% if messages %}
                         {% for message in messages %}
-                            <div class="alert alert-danger" role="alert">
+                            <div class="alert alert-{% if message.tags == 'error' %}danger{% else %}{{ message.tags }}{% endif %}" role="alert">
                                 {{ message }}
                             </div>
                         {% endfor %}
                     {% endif %}
 
+                    {% if not password_error %}
                     <form method="post">
                         {% csrf_token %}
                         <div class="mb-3">
@@ -31,6 +32,12 @@
                         </div>
                         <button type="submit" class="btn btn-primary w-100">Access Calculator</button>
                     </form>
+                    {% else %}
+                    <div class="text-center">
+                        <p class="text-muted">The calculator is temporarily unavailable due to configuration issues.</p>
+                        <a href="/" class="btn btn-outline-secondary">Return to Homepage</a>
+                    </div>
+                    {% endif %}
                 </div>
             </div>
         </div>

hub/services/views/calculator.py

@@ -1,6 +1,7 @@
 from django.shortcuts import render, redirect
 from django.contrib import messages
 from django.views.decorators.http import require_http_methods
+from django.conf import settings
 
 
 @require_http_methods(["GET", "POST"])
@@ -14,13 +15,30 @@ def csp_roi_calculator(request):
         request.session.pop("csp_calculator_authenticated", None)
         return redirect("services:csp_roi_calculator")
 
-    # Simple password protection - check if authenticated in session
+    # Get password from Django settings
+    calculator_password = getattr(settings, "CSP_CALCULATOR_PASSWORD", None)
+
+    # If no password is configured, deny access
+    if not calculator_password:
+        messages.error(
+            request,
+            "Calculator is not properly configured. Please contact administrator.",
+        )
+        return render(
+            request, "calculator/password_form.html", {"password_error": True}
+        )
+
+    # Password protection - check if authenticated in session
     if not request.session.get("csp_calculator_authenticated", False):
         if request.method == "POST":
             password = request.POST.get("password", "")
-            # Simple password check - in production, this should be more secure
+
-            if password == "servala2025":  # TODO: Move to environment variable
+            # Validate password
+            if password == calculator_password:
                 request.session["csp_calculator_authenticated"] = True
+                # Set session timeout (optional - expires after 24 hours of inactivity)
+                request.session.set_expiry(86400)  # 24 hours
+                messages.success(request, "Access granted to CSP ROI Calculator.")
                 return redirect("services:csp_roi_calculator")
             else:
                 messages.error(request, "Invalid password. Please try again.")

hub/settings.py

@@ -238,6 +238,9 @@ ODOO_CONFIG = {
     "mailing_list_id": env.int("ODOO_MAILING_LIST_ID", default=46),
 }
 
+# CSP ROI Calculator Configuration
+CSP_CALCULATOR_PASSWORD = env.str("CSP_CALCULATOR_PASSWORD", default=None)
+
 BROKER_USERNAME = env.str("BROKER_USERNAME", default="broker")
 BROKER_PASSWORD = env.str("BROKER_PASSWORD", default="secret")
 BASE_URL = "https://your-domain.com"