fix: add setting to auto-redirect anon users to login, from home page

src/wuttaweb/templates/appinfo/configure.mako

@@ -24,6 +24,36 @@
 
   </div>
 
+  <h3 class="block is-size-3">User/Auth</h3>
+  <div class="block" style="padding-left: 2rem; width: 50%;">
+
+    <b-field>
+      <b-checkbox name="wuttaweb.home_redirect_to_login"
+                  v-model="simpleSettings['wuttaweb.home_redirect_to_login']"
+                  native-value="true"
+                  @input="settingsNeedSaved = true">
+        Home Page auto-redirect to Login
+        <b-tooltip position="is-right">
+          <b-icon pack="fas" icon="info-circle" />
+          <template v-slot:content>
+            <p class="block">
+              If set, show the Login page instead of Home page for Anonymous users.
+            </p>
+            <p class="block has-text-weight-bold">
+              This only "enforces" Login for the Home page, not for
+              other pages.  Anonymous users can see whatever the role
+              permissions authorize.
+            </p>
+            <p class="block">
+              If not set, Anonymous users will see the Home page without being redirected.
+            </p>
+          </template>
+        </b-tooltip>
+      </b-checkbox>
+    </b-field>
+
+  </div>
+
   <h3 class="block is-size-3">Web Libraries</h3>
   <div class="block" style="padding-left: 2rem;">
 

src/wuttaweb/templates/base.mako

@@ -154,7 +154,7 @@
     .wutta-form-wrapper {
         margin-left: 5rem;
         margin-top: 2rem;
-        width: 50%;
+        width: 75%;
     }
 
   </style>

src/wuttaweb/views/common.py

@@ -53,6 +53,11 @@ class CommonView(View):
         if not user:
             return self.redirect(self.request.route_url('setup'))
 
+        # maybe auto-redirect anons to login
+        if not self.request.user:
+            if self.config.get_bool('wuttaweb.home_redirect_to_login'):
+                return self.redirect(self.request.route_url('login'))
+
         return {
             'index_title': self.app.get_title(),
         }

src/wuttaweb/views/settings.py

@@ -63,6 +63,10 @@ class AppInfoView(MasterView):
             {'name': f'{self.app.appname}.production',
              'type': bool},
 
+            # user/auth
+            {'name': 'wuttaweb.home_redirect_to_login',
+             'type': bool, 'default': False},
+
             # web libs
             {'name': 'wuttaweb.libver.vue'},
             {'name': 'wuttaweb.liburl.vue'},

tests/views/test_common.py

@@ -24,6 +24,7 @@ class TestCommonView(WebTestCase):
 
     def test_home(self):
         self.pyramid_config.add_route('setup', '/setup')
+        self.pyramid_config.add_route('login', '/login')
         model = self.app.model
         view = self.make_view()
 
@@ -40,6 +41,16 @@ class TestCommonView(WebTestCase):
         context = view.home(session=self.session)
         self.assertEqual(context['index_title'], self.app.get_title())
 
+        # but if configured, anons will be redirected to login
+        self.config.setdefault('wuttaweb.home_redirect_to_login', 'true')
+        response = view.home(session=self.session)
+        self.assertEqual(response.status_code, 302)
+
+        # now only an auth'ed user can see home page
+        self.request.user = user
+        context = view.home(session=self.session)
+        self.assertEqual(context['index_title'], self.app.get_title())
+
     def test_setup(self):
         self.pyramid_config.add_route('home', '/')
         self.pyramid_config.add_route('login', '/login')