Permalink
Browse files

Updated django to 1.4.

  • Loading branch information...
rlr committed May 19, 2012
1 parent 7b065ff commit 21ea4c112194772080d784cb5eb384685d0f2508
Showing with 21 additions and 7 deletions.
  1. +1 −1 funfactory/requirements/prod.txt
  2. +20 −6 funfactory/settings_base.py
@@ -1,5 +1,5 @@
# Django stuff
-Django==1.3.1
+Django==1.4
-e git://github.com/jbalogh/django-multidb-router.git#egg=django-multidb-router
-e git://github.com/jsocol/django-cronjobs.git#egg=django-cronjobs
@@ -151,10 +151,15 @@ def lazy_langs():
# Examples: "http://media.lawrence.com", "http://example.com/media/"
MEDIA_URL = '/media/'
-# URL prefix for admin media -- CSS, JavaScript and images. Make sure to use a
-# trailing slash.
-# Examples: "http://foo.com/media/", "/media/".
-ADMIN_MEDIA_PREFIX = '/admin-media/'
+# Absolute path to the directory static files should be collected to.
+# Don't put anything in this directory yourself; store your static files
+# in apps' "static/" subdirectories and in STATICFILES_DIRS.
+# Example: "/home/media/media.lawrence.com/static/"
+STATIC_ROOT = path('static')

This comment has been minimized.

Show comment Hide comment
@kumar303

kumar303 May 30, 2012

playdoh will need its update.py script updated to suggest manage.py collectstatic

@kumar303

kumar303 May 30, 2012

playdoh will need its update.py script updated to suggest manage.py collectstatic

This comment has been minimized.

Show comment Hide comment
@rlr

rlr May 30, 2012

Owner

yep! Have that on my TODO to update that, local settings and the vendor refspec once I update it.

@rlr

rlr May 30, 2012

Owner

yep! Have that on my TODO to update that, local settings and the vendor refspec once I update it.

+
+# URL prefix for static files.
+# Example: "http://media.lawrence.com/static/"
+STATIC_URL = '/static/'
# Make this unique, and don't share it with anybody.
# Set this in your local settings which is not committed to version control.
@@ -227,9 +232,9 @@ def JINJA_CONFIG():
# Django contrib apps
'django.contrib.auth',
- 'django_sha2', # Load after auth to monkey-patch it.
'django.contrib.contenttypes',
'django.contrib.sessions',
+ 'django.contrib.staticfiles',
# 'django.contrib.sites',
# 'django.contrib.messages',
# Uncomment the next line to enable the admin:
@@ -256,11 +261,20 @@ def JINJA_CONFIG():
SESSION_COOKIE_HTTPONLY = True
## Auth
-PWD_ALGORITHM = 'sha512' # recommended: 'bcrypt'
+BASE_PASSWORD_HASHERS = (
+ # recommended: 'django_sha2.hashers.BcryptHMACCombinedPasswordVerifier',
+ 'django_sha2.hashers.SHA512PasswordHasher',
+ 'django.contrib.auth.hashers.SHA1PasswordHasher',
+ 'django.contrib.auth.hashers.MD5PasswordHasher',
+ 'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
+)

This comment has been minimized.

Show comment Hide comment
@kumar303

kumar303 May 30, 2012

@fwenzel is this in line with what security recommended for the sha 512 / bcrypt approach? I think it is but just checking.

@kumar303

kumar303 May 30, 2012

@fwenzel is this in line with what security recommended for the sha 512 / bcrypt approach? I think it is but just checking.

This comment has been minimized.

Show comment Hide comment
@rlr

rlr May 30, 2012

Owner

It more or less matches the bottom of the readme at https://github.com/fwenzel/django-sha2

@rlr

rlr May 30, 2012

Owner

It more or less matches the bottom of the readme at https://github.com/fwenzel/django-sha2

This comment has been minimized.

Show comment Hide comment
@rlr

rlr May 30, 2012

Owner

I guess I missed the SHA256 one.

@rlr

rlr May 30, 2012

Owner

I guess I missed the SHA256 one.

HMAC_KEYS = { # for bcrypt only
#'2011-01-01': 'cheesecake',
}
+from django_sha2 import get_password_hashers
+PASSWORD_HASHERS = get_password_hashers(BASE_PASSWORD_HASHERS, HMAC_KEYS)
+
## Tests
TEST_RUNNER = 'test_utils.runner.RadicalTestSuiteRunner'

2 comments on commit 21ea4c1

@kumar303

This comment has been minimized.

Show comment Hide comment
@kumar303

kumar303 May 30, 2012

r+wc from me. @peterbe should r too so you guys are in sync on the static files stuff.

r+wc from me. @peterbe should r too so you guys are in sync on the static files stuff.

@kumar303

This comment has been minimized.

Show comment Hide comment
@kumar303

kumar303 May 30, 2012

once this lands, the docs should link to the commit in the upgrade section. Mainly this is because people who choose to put an old django in their vendor-local (for compatibility reasons) will also need to adjust their settings for the old password hashing stuff

once this lands, the docs should link to the commit in the upgrade section. Mainly this is because people who choose to put an old django in their vendor-local (for compatibility reasons) will also need to adjust their settings for the old password hashing stuff

Please sign in to comment.