Allow admin password to be set from environment

Require password to be different from "admin" in production.
This commit is contained in:
Midgard 2020-07-25 11:29:26 +02:00
parent ce411aec56
commit 17650b72ba
Signed by: midgard
GPG key ID: 511C112F1331BBB4

View file

@ -1,6 +1,9 @@
# Generated by Django 3.0.8 on 2020-07-24 21:40 # Created manually
import logging
import logging
import os
from django.conf import settings
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.core.management.sql import emit_post_migrate_signal from django.core.management.sql import emit_post_migrate_signal
from django.db import migrations from django.db import migrations
@ -9,15 +12,27 @@ from django.utils import timezone
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
ENV_USERNAME = 'KERS_ADMIN_USERNAME'
ENV_PASSWORD = 'KERS_ADMIN_PASSWORD'
def create_superuser(apps, schema_editor): def create_superuser(apps, schema_editor):
superuser = get_user_model()( superuser = get_user_model()(
is_superuser=True, is_superuser=True,
is_staff=True, is_staff=True,
username="admin", # os.environ['ADMIN_USERNAME'], username=os.environ.get(ENV_USERNAME, 'admin'),
last_login=timezone.now(), last_login=timezone.now(),
) )
# superuser.set_password(os.environ['ADMIN_PASSWORD'])
superuser.set_password('admin') dev_password = 'admin'
password = os.environ.get(ENV_PASSWORD, dev_password)
if password == dev_password:
log = logger.warning if settings.DEBUG else logger.error
log(f"Admin password is '{password}'. This is not for use in production. Set environment variable {ENV_PASSWORD} to choose a different password.")
if not settings.DEBUG:
raise Exception("Development admin password used in production")
superuser.set_password(password)
superuser.save() superuser.save()
@ -39,7 +54,7 @@ def add_group_permissions(apps, schema_editor):
for group in kers_group_permissions: for group in kers_group_permissions:
role, created = Group.objects.get_or_create(name=group) role, created = Group.objects.get_or_create(name=group)
logger.info(f'{group} Group created') logger.info(f'{group} Group {"created" if created else "exists"}')
for perm in kers_group_permissions[group]: for perm in kers_group_permissions[group]:
role.permissions.add(Permission.objects.get(codename=perm)) role.permissions.add(Permission.objects.get(codename=perm))
logger.info(f'Permitting {group} to {perm}') logger.info(f'Permitting {group} to {perm}')