Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed #29324 -- Made Settings raise ImproperlyConfigured on SECRET_KEY access; not in init. #9876

Merged
merged 1 commit into from
Apr 17, 2018
Merged

Fixed #29324 -- Made Settings raise ImproperlyConfigured on SECRET_KEY access; not in init. #9876

merged 1 commit into from
Apr 17, 2018

Conversation

jdufresne
Copy link
Member

@jdufresne jdufresne commented Apr 13, 2018
edited
Loading

@timgraham
Copy link
Member

timgraham commented Apr 14, 2018
edited
Loading

SECRET_KEY = '' is now allowed which I don't think should be the case.
Also, I think a test for the AttributeError message should be added.

@jdufresne
Copy link
Member Author

jdufresne commented Apr 14, 2018
edited
Loading

I see your point. I've updated the change to now do both:

  • If SECRET_KEY is set and is empty, raise ImproperlyConfigured in __init__
  • If SECRET_KEY is not set, do not raise an error until accessed

Thanks!

timgraham
timgraham reviewed Apr 16, 2018
View reviewed changes
Copy link
Member

@timgraham timgraham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This message changed slightly:

diff --git a/tests/settings_tests/tests.py b/tests/settings_tests/tests.py
index 5a61895..09c062c 100644
--- a/tests/settings_tests/tests.py
+++ b/tests/settings_tests/tests.py
@@ -234,7 +234,8 @@ class SettingsTests(SimpleTestCase):
         settings.TEST = 'test'
         self.assertEqual('test', settings.TEST)
         del settings.TEST
-        with self.assertRaises(AttributeError):
+        msg = "'Settings' object has no attribute 'TEST'"
+        with self.assertRaisesMessage(AttributeError, msg):
             getattr(settings, 'TEST')
 
     def test_settings_delete_wrapped(self):

I don't know that it matters either way, but please test it.

django/conf/__init__.py Outdated
@@ -115,15 +115,15 @@ def __init__(self, settings_module):
if setting.isupper():
setting_value = getattr(mod, setting)

if setting == 'SECRET_KEY' and not setting_value:
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use single quotes.

docs/ref/settings.txt Outdated
@@ -2120,6 +2122,12 @@ affect them.
startproject <startproject>` creates a unique ``SECRET_KEY`` for
convenience.

.. versionchanged:: 2.1

``SECRET_KEY`` is no longer defined by default. Django will now raise an
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is sufficient, "In older versions, SECRET_KEY defaults to an empty string." (use 4 space indent)

docs/ref/settings.txt Outdated
@@ -2087,7 +2087,9 @@ Uses of the key shouldn't assume that it's text or bytes. Every use should go
through :func:`~django.utils.encoding.force_text` or
:func:`~django.utils.encoding.force_bytes` to convert it to the desired type.

Django will refuse to start if :setting:`SECRET_KEY` is not set.
Django will refuse to start if :setting:`SECRET_KEY` is set to an empty value.
An :class:`~django.core.exceptions.ImproperlyConfigured` exception will be
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is raised if SECRET_KEY is accessed but not set.

tests/admin_scripts/tests.py Outdated
out,
"+ INSTALLED_APPS = ['django.contrib.auth', 'django.contrib.contenttypes', 'admin_scripts']"
)
self.assertNotInOutput(out, "- SECRET_KEY = ''")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this assertion isn't needed.

@jdufresne
Copy link
Member Author

Thanks for the review Tim. I've made the suggested changes.

@timgraham timgraham merged commit b3cffde into django:master Apr 17, 2018
beniwohli added a commit to beniwohli/apm-agent-python that referenced this pull request Apr 26, 2018
@beniwohli
add default SECRET_KEY to test suite
3a6ad5c 
django/django#9876 removed the default
SECRET_KEY, leading to an error when we try to access it in the
tests
@beniwohli beniwohli mentioned this pull request Apr 26, 2018
Closed
beniwohli added a commit to elastic/apm-agent-python that referenced this pull request Apr 26, 2018
@beniwohli
add default SECRET_KEY to test suite (#204)
51ee22a 
django/django#9876 removed the default
SECRET_KEY, leading to an error when we try to access it in the
tests

closes #204
beniwohli added a commit to elastic/apm-agent-python that referenced this pull request Apr 26, 2018
@beniwohli
add default SECRET_KEY to test suite (#204)
1a6e5a1 
django/django#9876 removed the default
SECRET_KEY, leading to an error when we try to access it in the
tests

closes #204
@jdufresne jdufresne deleted the secret-key-on-access branch August 18, 2018 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timgraham timgraham timgraham left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jdufresne @timgraham