Create a persistent default random secret key if none are set

If there are no SECRET_KEY or ARA_SECRET_KEY environment variables
set or if there is no configuration file with the SECRET_KEY variable
set, settings.py will generate a random secret key once and it will
be persisted to the default configuration.

Change-Id: Idf2f1ee5f8a70bc2411de51a154bc4504705d89a
This commit is contained in:
David Moreau Simard 2019-01-15 10:44:26 -05:00
parent eadd3712b5
commit 8b8bc03f7c
No known key found for this signature in database
GPG Key ID: CBEB466764A9E621
2 changed files with 12 additions and 5 deletions

View File

@ -2,6 +2,7 @@ import os
import textwrap
import yaml
from django.utils.crypto import get_random_string
from dynaconf import LazySettings
settings = LazySettings(GLOBAL_ENV_FOR_DYNACONF="ARA", ENVVAR_FOR_DYNACONF="ARA_SETTINGS")
@ -19,7 +20,14 @@ CORS_ORIGIN_ALLOW_ALL = settings.get("CORS_ORIGIN_ALLOW_ALL", False)
ADMINS = settings.get("ADMINS", ())
SECRET_KEY = settings.get("SECRET_KEY")
def get_secret_key():
if not settings.get("SECRET_KEY"):
return get_random_string(length=25)
return settings.get("SECRET_KEY")
SECRET_KEY = get_secret_key()
# We're not expecting ARA to use multiple concurrent databases.
# Make it easier for users to specify the configuration for a single database.
@ -157,7 +165,7 @@ if not os.path.exists(DEFAULT_CONFIG):
ALLOWED_HOSTS=ALLOWED_HOSTS,
CORS_ORIGIN_WHITELIST=CORS_ORIGIN_WHITELIST,
CORS_ORIGIN_ALLOW_ALL=CORS_ORIGIN_ALLOW_ALL,
SECRET_KEY="please-change-this",
SECRET_KEY=SECRET_KEY,
DATABASES=DATABASES,
STATIC_URL=STATIC_URL,
STATIC_ROOT=STATIC_ROOT,
@ -178,3 +186,5 @@ if not os.path.exists(DEFAULT_CONFIG):
"""
config_file.write(textwrap.dedent(comment))
yaml.dump({"default": CONFIG}, config_file, default_flow_style=False)
ARA_SETTINGS = os.getenv("ARA_SETTINGS", DEFAULT_CONFIG)

View File

@ -26,7 +26,6 @@ setenv =
ARA_DEBUG=true
ARA_LOG_LEVEL=DEBUG
ARA_BASE_DIR={toxinidir}/.tox/ansible-integration/tmp/ara
ARA_SECRET_KEY=testing
[testenv:runserver]
commands =
@ -37,7 +36,6 @@ setenv =
ARA_DEBUG=true
ARA_LOG_LEVEL=DEBUG
ARA_BASE_DIR={toxinidir}/.tox/ansible-integration/tmp/ara
ARA_SECRET_KEY=testing
# Temporary venv to help bootstrap integration
[testenv:ansible-integration]
@ -52,7 +50,6 @@ setenv =
ARA_DEBUG=true
ARA_LOG_LEVEL=DEBUG
ARA_BASE_DIR={toxinidir}/.tox/ansible-integration/tmp/ara
ARA_SECRET_KEY=testing
whitelist_externals =
rm
bash