mirror of
https://github.com/django/django.git
synced 2025-10-24 06:06:09 +00:00
Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."
This reverts commit b3cffde555
due to
a regression and performance concerns.
This commit is contained in:
@@ -116,15 +116,15 @@ class Settings:
|
|||||||
if setting.isupper():
|
if setting.isupper():
|
||||||
setting_value = getattr(mod, setting)
|
setting_value = getattr(mod, setting)
|
||||||
|
|
||||||
if setting == 'SECRET_KEY' and not setting_value:
|
|
||||||
raise ImproperlyConfigured('The SECRET_KEY setting must not be empty.')
|
|
||||||
|
|
||||||
if (setting in tuple_settings and
|
if (setting in tuple_settings and
|
||||||
not isinstance(setting_value, (list, tuple))):
|
not isinstance(setting_value, (list, tuple))):
|
||||||
raise ImproperlyConfigured("The %s setting must be a list or a tuple. " % setting)
|
raise ImproperlyConfigured("The %s setting must be a list or a tuple. " % setting)
|
||||||
setattr(self, setting, setting_value)
|
setattr(self, setting, setting_value)
|
||||||
self._explicit_settings.add(setting)
|
self._explicit_settings.add(setting)
|
||||||
|
|
||||||
|
if not self.SECRET_KEY:
|
||||||
|
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
|
||||||
|
|
||||||
if self.is_overridden('DEFAULT_CONTENT_TYPE'):
|
if self.is_overridden('DEFAULT_CONTENT_TYPE'):
|
||||||
warnings.warn('The DEFAULT_CONTENT_TYPE setting is deprecated.', RemovedInDjango30Warning)
|
warnings.warn('The DEFAULT_CONTENT_TYPE setting is deprecated.', RemovedInDjango30Warning)
|
||||||
|
|
||||||
@@ -140,11 +140,6 @@ class Settings:
|
|||||||
os.environ['TZ'] = self.TIME_ZONE
|
os.environ['TZ'] = self.TIME_ZONE
|
||||||
time.tzset()
|
time.tzset()
|
||||||
|
|
||||||
def __getattr__(self, name):
|
|
||||||
if name == 'SECRET_KEY':
|
|
||||||
raise ImproperlyConfigured('The SECRET_KEY setting must be set.')
|
|
||||||
raise AttributeError("'%s' object has no attribute '%s'" % (self.__class__.__name__, name))
|
|
||||||
|
|
||||||
def is_overridden(self, setting):
|
def is_overridden(self, setting):
|
||||||
return setting in self._explicit_settings
|
return setting in self._explicit_settings
|
||||||
|
|
||||||
|
@@ -256,6 +256,11 @@ ABSOLUTE_URL_OVERRIDES = {}
|
|||||||
# ]
|
# ]
|
||||||
IGNORABLE_404_URLS = []
|
IGNORABLE_404_URLS = []
|
||||||
|
|
||||||
|
# A secret key for this particular Django installation. Used in secret-key
|
||||||
|
# hashing algorithms. Set this in your settings, or Django will complain
|
||||||
|
# loudly.
|
||||||
|
SECRET_KEY = ''
|
||||||
|
|
||||||
# Default file storage mechanism that holds media.
|
# Default file storage mechanism that holds media.
|
||||||
DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage'
|
DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage'
|
||||||
|
|
||||||
|
@@ -2066,7 +2066,7 @@ object. See :ref:`how-django-processes-a-request` for details.
|
|||||||
``SECRET_KEY``
|
``SECRET_KEY``
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
Default: Not defined
|
Default: ``''`` (Empty string)
|
||||||
|
|
||||||
A secret key for a particular Django installation. This is used to provide
|
A secret key for a particular Django installation. This is used to provide
|
||||||
:doc:`cryptographic signing </topics/signing>`, and should be set to a unique,
|
:doc:`cryptographic signing </topics/signing>`, and should be set to a unique,
|
||||||
@@ -2079,9 +2079,7 @@ Uses of the key shouldn't assume that it's text or bytes. Every use should go
|
|||||||
through :func:`~django.utils.encoding.force_text` or
|
through :func:`~django.utils.encoding.force_text` or
|
||||||
:func:`~django.utils.encoding.force_bytes` to convert it to the desired type.
|
:func:`~django.utils.encoding.force_bytes` to convert it to the desired type.
|
||||||
|
|
||||||
Django will refuse to start if :setting:`SECRET_KEY` is set to an empty value.
|
Django will refuse to start if :setting:`SECRET_KEY` is not set.
|
||||||
:class:`~django.core.exceptions.ImproperlyConfigured` is raised if
|
|
||||||
``SECRET_KEY`` is accessed but not set.
|
|
||||||
|
|
||||||
.. warning::
|
.. warning::
|
||||||
|
|
||||||
@@ -2114,10 +2112,6 @@ affect them.
|
|||||||
startproject <startproject>` creates a unique ``SECRET_KEY`` for
|
startproject <startproject>` creates a unique ``SECRET_KEY`` for
|
||||||
convenience.
|
convenience.
|
||||||
|
|
||||||
.. versionchanged:: 2.1
|
|
||||||
|
|
||||||
In older versions, ``SECRET_KEY`` defaults to an empty string.
|
|
||||||
|
|
||||||
.. setting:: SECURE_BROWSER_XSS_FILTER
|
.. setting:: SECURE_BROWSER_XSS_FILTER
|
||||||
|
|
||||||
``SECURE_BROWSER_XSS_FILTER``
|
``SECURE_BROWSER_XSS_FILTER``
|
||||||
|
@@ -2213,11 +2213,7 @@ class DiffSettings(AdminScriptTestCase):
|
|||||||
out, err = self.run_manage(args)
|
out, err = self.run_manage(args)
|
||||||
self.assertNoOutput(err)
|
self.assertNoOutput(err)
|
||||||
self.assertOutput(out, "+ FOO = 'bar'")
|
self.assertOutput(out, "+ FOO = 'bar'")
|
||||||
self.assertOutput(out, "- INSTALLED_APPS = []")
|
self.assertOutput(out, "- SECRET_KEY = ''")
|
||||||
self.assertOutput(
|
|
||||||
out,
|
|
||||||
"+ INSTALLED_APPS = ['django.contrib.auth', 'django.contrib.contenttypes', 'admin_scripts']"
|
|
||||||
)
|
|
||||||
self.assertOutput(out, "+ SECRET_KEY = 'django_tests_secret_key'")
|
self.assertOutput(out, "+ SECRET_KEY = 'django_tests_secret_key'")
|
||||||
self.assertNotInOutput(out, " APPEND_SLASH = True")
|
self.assertNotInOutput(out, " APPEND_SLASH = True")
|
||||||
|
|
||||||
@@ -2233,12 +2229,7 @@ class DiffSettings(AdminScriptTestCase):
|
|||||||
self.assertNoOutput(err)
|
self.assertNoOutput(err)
|
||||||
self.assertOutput(out, " APPEND_SLASH = True")
|
self.assertOutput(out, " APPEND_SLASH = True")
|
||||||
self.assertOutput(out, "+ FOO = 'bar'")
|
self.assertOutput(out, "+ FOO = 'bar'")
|
||||||
self.assertOutput(out, "- INSTALLED_APPS = []")
|
self.assertOutput(out, "- SECRET_KEY = ''")
|
||||||
self.assertOutput(
|
|
||||||
out,
|
|
||||||
"+ INSTALLED_APPS = ['django.contrib.auth', 'django.contrib.contenttypes', 'admin_scripts']"
|
|
||||||
)
|
|
||||||
self.assertOutput(out, "+ SECRET_KEY = 'django_tests_secret_key'")
|
|
||||||
|
|
||||||
|
|
||||||
class Dumpdata(AdminScriptTestCase):
|
class Dumpdata(AdminScriptTestCase):
|
||||||
|
@@ -291,20 +291,8 @@ class SettingsTests(SimpleTestCase):
|
|||||||
def test_no_secret_key(self):
|
def test_no_secret_key(self):
|
||||||
settings_module = ModuleType('fake_settings_module')
|
settings_module = ModuleType('fake_settings_module')
|
||||||
sys.modules['fake_settings_module'] = settings_module
|
sys.modules['fake_settings_module'] = settings_module
|
||||||
msg = 'The SECRET_KEY setting must be set.'
|
msg = 'The SECRET_KEY setting must not be empty.'
|
||||||
try:
|
try:
|
||||||
settings = Settings('fake_settings_module')
|
|
||||||
with self.assertRaisesMessage(ImproperlyConfigured, msg):
|
|
||||||
settings.SECRET_KEY
|
|
||||||
finally:
|
|
||||||
del sys.modules['fake_settings_module']
|
|
||||||
|
|
||||||
def test_secret_key_empty_string(self):
|
|
||||||
settings_module = ModuleType('fake_settings_module')
|
|
||||||
settings_module.SECRET_KEY = ''
|
|
||||||
sys.modules['fake_settings_module'] = settings_module
|
|
||||||
try:
|
|
||||||
msg = 'The SECRET_KEY setting must not be empty.'
|
|
||||||
with self.assertRaisesMessage(ImproperlyConfigured, msg):
|
with self.assertRaisesMessage(ImproperlyConfigured, msg):
|
||||||
Settings('fake_settings_module')
|
Settings('fake_settings_module')
|
||||||
finally:
|
finally:
|
||||||
|
Reference in New Issue
Block a user