Updated django to 1.4.

commit 21ea4c112194772080d784cb5eb384685d0f2508 1 parent 7b065ff
@rlr authored
Showing with 21 additions and 7 deletions.
  1. +1 −1  funfactory/requirements/prod.txt
  2. +20 −6 funfactory/settings_base.py
2  funfactory/requirements/prod.txt
@@ -1,5 +1,5 @@
# Django stuff
-Django==1.3.1
+Django==1.4
-e git://github.com/jbalogh/django-multidb-router.git#egg=django-multidb-router
-e git://github.com/jsocol/django-cronjobs.git#egg=django-cronjobs
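Review bot: the two editable requirements below the Django pin are fetched over git:// with no revision, so they are neither authenticated in transit nor reproducible from one install to the next. Since this change already touches the file, switch them to git+https:// URLs and pin each to a commit or tag with an @<rev> suffix before #egg=.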
26 funfactory/settings_base.py
@@ -151,10 +151,15 @@ def lazy_langs():
# Examples: "http://media.lawrence.com", "http://example.com/media/"
MEDIA_URL = '/media/'
-# URL prefix for admin media -- CSS, JavaScript and images. Make sure to use a
-# trailing slash.
-# Examples: "http://foo.com/media/", "/media/".
-ADMIN_MEDIA_PREFIX = '/admin-media/'
+# Absolute path to the directory static files should be collected to.
+# Don't put anything in this directory yourself; store your static files
+# in apps' "static/" subdirectories and in STATICFILES_DIRS.
+# Example: "/home/media/media.lawrence.com/static/"
+STATIC_ROOT = path('static')

playdoh will need its update.py script updated to suggest manage.py collectstatic

@rlr Owner
rlr added a note

yep! Have that on my TODO to update that, local settings and the vendor refspec once I update it.

+
+# URL prefix for static files.
+# Example: "http://media.lawrence.com/static/"
+STATIC_URL = '/static/'
# Make this unique, and don't share it with anybody.
# Set this in your local settings which is not committed to version control.
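Review bot: removing ADMIN_MEDIA_PREFIX = '/admin-media/' leaves no pointer for projects whose local settings or web server config still reference /admin-media/. With Django 1.4 the admin assets are served under STATIC_URL, so a comment next to STATIC_URL naming the old setting would save people a broken admin after the upgrade. Separately, STATIC_ROOT = path('static') places collectstatic output inside the project tree, so that directory should be excluded from version control and must not coincide with one that holds checked-in assets.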
@@ -227,9 +232,9 @@ def JINJA_CONFIG():
# Django contrib apps
'django.contrib.auth',
- 'django_sha2', # Load after auth to monkey-patch it.
'django.contrib.contenttypes',
'django.contrib.sessions',
+ 'django.contrib.staticfiles',
# 'django.contrib.sites',
# 'django.contrib.messages',
# Uncomment the next line to enable the admin:
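Review bot: 'django_sha2' is dropped from INSTALLED_APPS while settings_base.py still imports get_password_hashers from it further down, and the removed line's comment was the only explanation of why the app was listed. Leave a short comment saying the monkey-patch is replaced by PASSWORD_HASHERS, and confirm that nothing else the package provides as an installed app (management commands, for instance) is still needed.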
@@ -256,11 +261,20 @@ def JINJA_CONFIG():
SESSION_COOKIE_HTTPONLY = True
## Auth
-PWD_ALGORITHM = 'sha512' # recommended: 'bcrypt'
+BASE_PASSWORD_HASHERS = (
+ # recommended: 'django_sha2.hashers.BcryptHMACCombinedPasswordVerifier',
+ 'django_sha2.hashers.SHA512PasswordHasher',
+ 'django.contrib.auth.hashers.SHA1PasswordHasher',
+ 'django.contrib.auth.hashers.MD5PasswordHasher',
+ 'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
+)

@fwenzel is this in line with what security recommended for the sha 512 / bcrypt approach? I think it is but just checking.

@rlr Owner
rlr added a note

It more or less matches the bottom of the readme at https://github.com/fwenzel/django-sha2

@rlr Owner
rlr added a note

I guess I missed the SHA256 one.

HMAC_KEYS = { # for bcrypt only
#'2011-01-01': 'cheesecake',
}
+from django_sha2 import get_password_hashers
+PASSWORD_HASHERS = get_password_hashers(BASE_PASSWORD_HASHERS, HMAC_KEYS)
+
## Tests
TEST_RUNNER = 'test_utils.runner.RadicalTestSuiteRunner'
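Review bot: in BASE_PASSWORD_HASHERS the first entry is the one Django uses to hash new and changed passwords, so with 'django_sha2.hashers.SHA512PasswordHasher' at the top the default stays a fast hash and the recommended bcrypt/HMAC hasher exists only as a comment. Add a comment stating that order matters and that a project enabling bcrypt must put it first and populate HMAC_KEYS. The tuple also determines which stored hashes can still be verified, so every algorithm that existing users may have needs an entry; the SHA256 hasher mentioned in the discussion is absent here.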

2 comments on commit 21ea4c1

@kumar303

r+wc from me. @peterbe should r too so you guys are in sync on the static files stuff.

@kumar303

Once this lands, the docs should link to the commit in the upgrade section. Mainly this is because people who choose to put an old Django in their vendor-local (for compatibility reasons) will also need to adjust their settings for the old password hashing stuff.
