Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."

This reverts commit b3cffde555 due to
a regression and performance concerns.
This commit is contained in:
Tim Graham 2018-05-26 20:58:41 -04:00
parent b4fd9b5ad4
commit 5cc81cd9eb
5 changed files with 13 additions and 40 deletions

View File

@ -116,15 +116,15 @@ class Settings:
if setting.isupper(): if setting.isupper():
setting_value = getattr(mod, setting) setting_value = getattr(mod, setting)
if setting == 'SECRET_KEY' and not setting_value:
raise ImproperlyConfigured('The SECRET_KEY setting must not be empty.')
if (setting in tuple_settings and if (setting in tuple_settings and
not isinstance(setting_value, (list, tuple))): not isinstance(setting_value, (list, tuple))):
raise ImproperlyConfigured("The %s setting must be a list or a tuple. " % setting) raise ImproperlyConfigured("The %s setting must be a list or a tuple. " % setting)
setattr(self, setting, setting_value) setattr(self, setting, setting_value)
self._explicit_settings.add(setting) self._explicit_settings.add(setting)
if not self.SECRET_KEY:
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
if self.is_overridden('DEFAULT_CONTENT_TYPE'): if self.is_overridden('DEFAULT_CONTENT_TYPE'):
warnings.warn('The DEFAULT_CONTENT_TYPE setting is deprecated.', RemovedInDjango30Warning) warnings.warn('The DEFAULT_CONTENT_TYPE setting is deprecated.', RemovedInDjango30Warning)
@ -140,11 +140,6 @@ class Settings:
os.environ['TZ'] = self.TIME_ZONE os.environ['TZ'] = self.TIME_ZONE
time.tzset() time.tzset()
def __getattr__(self, name):
if name == 'SECRET_KEY':
raise ImproperlyConfigured('The SECRET_KEY setting must be set.')
raise AttributeError("'%s' object has no attribute '%s'" % (self.__class__.__name__, name))
def is_overridden(self, setting): def is_overridden(self, setting):
return setting in self._explicit_settings return setting in self._explicit_settings

View File

@ -256,6 +256,11 @@ ABSOLUTE_URL_OVERRIDES = {}
# ] # ]
IGNORABLE_404_URLS = [] IGNORABLE_404_URLS = []
# A secret key for this particular Django installation. Used in secret-key
# hashing algorithms. Set this in your settings, or Django will complain
# loudly.
SECRET_KEY = ''
# Default file storage mechanism that holds media. # Default file storage mechanism that holds media.
DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage' DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage'

View File

@ -2066,7 +2066,7 @@ object. See :ref:`how-django-processes-a-request` for details.
``SECRET_KEY`` ``SECRET_KEY``
-------------- --------------
Default: Not defined Default: ``''`` (Empty string)
A secret key for a particular Django installation. This is used to provide A secret key for a particular Django installation. This is used to provide
:doc:`cryptographic signing </topics/signing>`, and should be set to a unique, :doc:`cryptographic signing </topics/signing>`, and should be set to a unique,
@ -2079,9 +2079,7 @@ Uses of the key shouldn't assume that it's text or bytes. Every use should go
through :func:`~django.utils.encoding.force_text` or through :func:`~django.utils.encoding.force_text` or
:func:`~django.utils.encoding.force_bytes` to convert it to the desired type. :func:`~django.utils.encoding.force_bytes` to convert it to the desired type.
Django will refuse to start if :setting:`SECRET_KEY` is set to an empty value. Django will refuse to start if :setting:`SECRET_KEY` is not set.
:class:`~django.core.exceptions.ImproperlyConfigured` is raised if
``SECRET_KEY`` is accessed but not set.
.. warning:: .. warning::
@ -2114,10 +2112,6 @@ affect them.
startproject <startproject>` creates a unique ``SECRET_KEY`` for startproject <startproject>` creates a unique ``SECRET_KEY`` for
convenience. convenience.
.. versionchanged:: 2.1
In older versions, ``SECRET_KEY`` defaults to an empty string.
.. setting:: SECURE_BROWSER_XSS_FILTER .. setting:: SECURE_BROWSER_XSS_FILTER
``SECURE_BROWSER_XSS_FILTER`` ``SECURE_BROWSER_XSS_FILTER``

View File

@ -2213,11 +2213,7 @@ class DiffSettings(AdminScriptTestCase):
out, err = self.run_manage(args) out, err = self.run_manage(args)
self.assertNoOutput(err) self.assertNoOutput(err)
self.assertOutput(out, "+ FOO = 'bar'") self.assertOutput(out, "+ FOO = 'bar'")
self.assertOutput(out, "- INSTALLED_APPS = []") self.assertOutput(out, "- SECRET_KEY = ''")
self.assertOutput(
out,
"+ INSTALLED_APPS = ['django.contrib.auth', 'django.contrib.contenttypes', 'admin_scripts']"
)
self.assertOutput(out, "+ SECRET_KEY = 'django_tests_secret_key'") self.assertOutput(out, "+ SECRET_KEY = 'django_tests_secret_key'")
self.assertNotInOutput(out, " APPEND_SLASH = True") self.assertNotInOutput(out, " APPEND_SLASH = True")
@ -2233,12 +2229,7 @@ class DiffSettings(AdminScriptTestCase):
self.assertNoOutput(err) self.assertNoOutput(err)
self.assertOutput(out, " APPEND_SLASH = True") self.assertOutput(out, " APPEND_SLASH = True")
self.assertOutput(out, "+ FOO = 'bar'") self.assertOutput(out, "+ FOO = 'bar'")
self.assertOutput(out, "- INSTALLED_APPS = []") self.assertOutput(out, "- SECRET_KEY = ''")
self.assertOutput(
out,
"+ INSTALLED_APPS = ['django.contrib.auth', 'django.contrib.contenttypes', 'admin_scripts']"
)
self.assertOutput(out, "+ SECRET_KEY = 'django_tests_secret_key'")
class Dumpdata(AdminScriptTestCase): class Dumpdata(AdminScriptTestCase):

View File

@ -291,20 +291,8 @@ class SettingsTests(SimpleTestCase):
def test_no_secret_key(self): def test_no_secret_key(self):
settings_module = ModuleType('fake_settings_module') settings_module = ModuleType('fake_settings_module')
sys.modules['fake_settings_module'] = settings_module sys.modules['fake_settings_module'] = settings_module
msg = 'The SECRET_KEY setting must be set.' msg = 'The SECRET_KEY setting must not be empty.'
try: try:
settings = Settings('fake_settings_module')
with self.assertRaisesMessage(ImproperlyConfigured, msg):
settings.SECRET_KEY
finally:
del sys.modules['fake_settings_module']
def test_secret_key_empty_string(self):
settings_module = ModuleType('fake_settings_module')
settings_module.SECRET_KEY = ''
sys.modules['fake_settings_module'] = settings_module
try:
msg = 'The SECRET_KEY setting must not be empty.'
with self.assertRaisesMessage(ImproperlyConfigured, msg): with self.assertRaisesMessage(ImproperlyConfigured, msg):
Settings('fake_settings_module') Settings('fake_settings_module')
finally: finally: