Allow admin password to be set from environment
Require password to be different from "admin" in production.
This commit is contained in:
parent
ce411aec56
commit
17650b72ba
1 changed files with 21 additions and 6 deletions
|
@ -1,6 +1,9 @@
|
||||||
# Generated by Django 3.0.8 on 2020-07-24 21:40
|
# Created manually
|
||||||
import logging
|
|
||||||
|
|
||||||
|
import logging
|
||||||
|
import os
|
||||||
|
|
||||||
|
from django.conf import settings
|
||||||
from django.contrib.auth import get_user_model
|
from django.contrib.auth import get_user_model
|
||||||
from django.core.management.sql import emit_post_migrate_signal
|
from django.core.management.sql import emit_post_migrate_signal
|
||||||
from django.db import migrations
|
from django.db import migrations
|
||||||
|
@ -9,15 +12,27 @@ from django.utils import timezone
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
ENV_USERNAME = 'KERS_ADMIN_USERNAME'
|
||||||
|
ENV_PASSWORD = 'KERS_ADMIN_PASSWORD'
|
||||||
|
|
||||||
|
|
||||||
def create_superuser(apps, schema_editor):
|
def create_superuser(apps, schema_editor):
|
||||||
superuser = get_user_model()(
|
superuser = get_user_model()(
|
||||||
is_superuser=True,
|
is_superuser=True,
|
||||||
is_staff=True,
|
is_staff=True,
|
||||||
username="admin", # os.environ['ADMIN_USERNAME'],
|
username=os.environ.get(ENV_USERNAME, 'admin'),
|
||||||
last_login=timezone.now(),
|
last_login=timezone.now(),
|
||||||
)
|
)
|
||||||
# superuser.set_password(os.environ['ADMIN_PASSWORD'])
|
|
||||||
superuser.set_password('admin')
|
dev_password = 'admin'
|
||||||
|
password = os.environ.get(ENV_PASSWORD, dev_password)
|
||||||
|
if password == dev_password:
|
||||||
|
log = logger.warning if settings.DEBUG else logger.error
|
||||||
|
log(f"Admin password is '{password}'. This is not for use in production. Set environment variable {ENV_PASSWORD} to choose a different password.")
|
||||||
|
if not settings.DEBUG:
|
||||||
|
raise Exception("Development admin password used in production")
|
||||||
|
|
||||||
|
superuser.set_password(password)
|
||||||
superuser.save()
|
superuser.save()
|
||||||
|
|
||||||
|
|
||||||
|
@ -39,7 +54,7 @@ def add_group_permissions(apps, schema_editor):
|
||||||
|
|
||||||
for group in kers_group_permissions:
|
for group in kers_group_permissions:
|
||||||
role, created = Group.objects.get_or_create(name=group)
|
role, created = Group.objects.get_or_create(name=group)
|
||||||
logger.info(f'{group} Group created')
|
logger.info(f'{group} Group {"created" if created else "exists"}')
|
||||||
for perm in kers_group_permissions[group]:
|
for perm in kers_group_permissions[group]:
|
||||||
role.permissions.add(Permission.objects.get(codename=perm))
|
role.permissions.add(Permission.objects.get(codename=perm))
|
||||||
logger.info(f'Permitting {group} to {perm}')
|
logger.info(f'Permitting {group} to {perm}')
|
||||||
|
|
Loading…
Reference in a new issue