Move sensitive information from settings.py to custom_settings.py, include distributable sample

Add .gitignore
Add pip requirements file
Change default password hasher to Argon
This commit is contained in:
Klaus-Uwe Mitterer 2020-03-23 15:14:44 +01:00
parent eb1dfb2f9b
commit f54d19a700
5 changed files with 36 additions and 14 deletions

3
.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
expephalon/custom_settings.py
*.pyc
__pycache__/

View file

@ -0,0 +1,18 @@
# Secret Key: Replace this by a long random string.
# You can use django.core.management.utils.get_random_secret_key to generate one.
SECRET_KEY = "changeme"
# Database settings
# This application is tested only with MariaDB/MySQL.
# You will have to edit settings.py if you want to use Postgres, SQLite, etc.
DB_HOST = "localhost"
DB_PORT = 3306
DB_USER = "expephalon"
DB_PASS = "secret"
DB_NAME = "expephalon"
DEBUG = True
ALLOWED_HOSTS = []

View file

@ -12,22 +12,11 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
import os import os
from expephalon.custom_settings import * # pylint: disable=unused-wildcard-import
# Build paths inside the project like this: os.path.join(BASE_DIR, ...) # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = '!n5zzc)6p+f+!d4rs_n&+8na8j%ylc(8lu^%7)be6&@@aynf0!'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ALLOWED_HOSTS = []
# Application definition # Application definition
INSTALLED_APPS = [ INSTALLED_APPS = [
@ -118,3 +107,13 @@ USE_TZ = True
# https://docs.djangoproject.com/en/3.0/howto/static-files/ # https://docs.djangoproject.com/en/3.0/howto/static-files/
STATIC_URL = '/static/' STATIC_URL = '/static/'
# Password hasher
# https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#how-django-stores-passwords
PASSWORD_HASHERS = [
'django.contrib.auth.hashers.Argon2PasswordHasher',
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
]

View file

@ -1,4 +1,4 @@
#!/usr/bin/env python3 #!/usr/bin/env python
"""Django's command-line utility for administrative tasks.""" """Django's command-line utility for administrative tasks."""
import os import os
import sys import sys

2
requirements.txt Normal file
View file

@ -0,0 +1,2 @@
django[argon2]
mysqlclient