Added SECRET_KEY to the options file

2017-09-21 17:07:42 -04:00 · 2017-09-21 17:07:42 -04:00 · 02bd2e3294
parent b7fc3628df
commit 02bd2e3294
2 changed files with 13 additions and 1 deletions
--- a/EpisodesCommunity/settings.py
+++ b/EpisodesCommunity/settings.py
@ -11,6 +11,12 @@ https://docs.djangoproject.com/en/1.11/ref/settings/
 """

 import os
+import configparser
+import warnings
+
+config = configparser.ConfigParser()
+config.read('options.ini')
+options = config['General']

 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@ -20,7 +26,10 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/

 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '#(5u4*zj+ppjmsa^8mu_e%$0zpou(&9vu^q02g4icb%eu%3qe8'
+SECRET_KEY = options.get('secret_key', '5up3r s3cr3t k3y')
+if '5up3r s3cr3t k3y' == SECRET_KEY:
+    warnings.warn("Using a default secret_key, change this in options.ini for production!")
+

 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
--- a/options_example.ini
+++ b/options_example.ini
@ -0,0 +1,3 @@
+[General]
+# You MUST change this for production.  Not doing so is a major vulnerability
+secret_key=5up3r s3cr3t k3y