From 66919bd1607bb6f1e4f4c3063948800e2a47dad1 Mon Sep 17 00:00:00 2001 From: Philip Sargent Date: Fri, 27 Jun 2025 19:47:53 +0100 Subject: [PATCH] password stuff re engineered - online edit of handbook/troggle/troglaptop.html - on dev machine 'SnowWhite' --- handbook/troggle/troglaptop.html | 75 ++++++++++++++++++++++++-------- 1 file changed, 57 insertions(+), 18 deletions(-) diff --git a/handbook/troggle/troglaptop.html b/handbook/troggle/troglaptop.html index 8d58ecaeb..12cc16b97 100644 --- a/handbook/troggle/troglaptop.html +++ b/handbook/troggle/troglaptop.html @@ -237,32 +237,42 @@ The version number is the version of Django you have installed. Double check tha You will get an error: No module named 'localsettings'. Fixing this is described below, but for now try: 
python manage.py check -v 3 --traceback

The most important is the python manage.py check. If this works, then you have installed the software correctly. + +

troggle local settings and passwords

-The next task is to edit the SETTINGS files to match your machine and folder structure. So find the appropriate copy of the localsettings in /_deploy/ and copy it into the main troggle folder: -

cp _deploy/wsl/localsettingsWSL.py localsettings.py
+The next task is to edit the SETTINGS files to match your machine and folder structure. So find the most appropriate copy of the localsettings in /_deploy/ and copy it into the main troggle folder: +
cp _deploy/okchai/localsettings-okchai.py localsettings.py
The git repo copies have got munged passwords. -localsettings.py is not stored in git, but the copy on the server does have the correct passwords. -So use sFTP to download localsettings.py from expo.survex.com to get these. +localsettings.py no longer has active passwords in it, but we have not tidied everything up yet. +

We have at one time made localsettings in /_deploy/ appropriate for

- WARNING: only the WSL (12/2024) and debian (12/2023) variants are in any way current . All the others are so old that -they will need serious work to be useable. Copy what you need from WSL and debian variants of -localsettings.py + WARNING: All those above are out of date. We have moved to a per-machine set of settings as this is more manageable in practice: -

[ALL THIS ABOUT PASSWORDS IS OUT OF DATE, come back tomorrow: 28th June 2025. - ] -

Now edit localsettings.py and insert useful values for EXPOUSERPASS [e.g. cavey:beery], EXPOADMINUSERPASS [e.g. beery:cavey], SECRET_KEY. SECRET_KEY can be anything, it just has to be unique to each installation and invisible to anyone not a developer. +

+ +Pick one which is closest to your needs and copy it +
cp _deploy/okchai/localsettings-okchai.py localsettings.py
-

Set EMAIL_HOST and EMAIL_HOST_PASSWORD to an email account you control that can send email. Then troggle can email you when some things go wrong. This may mean having to set EMAIL_PORT and MAIL_USE_TLS too (this is not used in troggle currently). Set EXPOUSER_EMAIL and EXPOADMINUSER_EMAIL to your own email address while you are doing software development. All these will be different when troggle is deployed on the public server.

Now you need to edit the following settings in your localsettings.py file to match your @@ -270,7 +280,8 @@ development machine, e.g. if you have /expofiles/ mounted on another disc: 

FILES = Path('/mnt/f/expofiles/')
-EXPOFILES = Path('/mnt/f/expofiles/')
+EXPOFILES = Path('/mnt/f/expofiles/') +PHOTOS = Path('/mnt/z/expophotos/')

All the other settings (drawings, expoweb etc.) will work fine if they are parallel directories to the directory you installed troggle into. The troggle code can find out itself where it @@ -279,9 +290,37 @@ is living. If you do not have a local copy of /expofiles/ (40 GB), you can use the expo server copy if you set: 

EXPOFILESREMOTE = TRUE
-and then the FILES and EXPOFILES setings will be ignored. (Except for the upload forms which will 'upload' files -to your local disc. ) +and then the FILES and EXPOFILES setings will be ignored. (Except for the upload forms which will 'upload' files to your local disc. ) +

Passwords

+ +

The passwords are in a file troggle/secret-credentials.py which is listed in .gitignore and so it not under version control. Use sFTP to download credentials.py from expo.survex.com to get these. A sanitised version of this is: +


+'''
+Do not load this into git !
+it should always be listed in .gitignore
+'''
+SECRET_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' 
+# used for Django session cookies, generated 16/1/2024
+LONGTERM_SECRET_KEY = 'yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy' 
+# used for encrypting stored personal data, generated 16/1/2024
+EXPOUSERPASS = "nnn:gggggg"  # expo
+EXPOADMINUSERPASS = "gggggggggg" # expoadmin
+EMAIL_HOST_PASSWORD = "smtp-zzzzzzzzzzz" 
+MARIADB_SERVER_PASSWORD = 'uuuuuuuuuuuuuuu'
+

+The "SECRET_KEY" doesn't matter, it could be anything, and we could regenerate a random one whenever we reset the database. It is only used by Django internal functions such as session cookies. +

+The "LONGTERM_SECRET_KEY" encrypts the email addresses of registered users in a file. This is only used for user registration and for logging on as an individual instead of just as "expo". + + + +

Set EMAIL_HOST and EMAIL_HOST_PASSWORD to an email account you control that can send email. Then troggle can email you when some things go wrong. This may mean having to set EMAIL_PORT and MAIL_USE_TLS too (this is not used in troggle currently). Set EXPOUSER_EMAIL and EXPOADMINUSER_EMAIL to your own email address while you are doing software development. All these will be different when troggle is deployed on the public server. +

If you got hold of secret_credentials.py from the server, you will need to edit the EMAIL passwords in secret_credentials.py to match the email address you will put into localsettings.py for your own machine. + +

Only the server runs MARIADB, you don't need it for local development. + +

Both django & troggle health checks

Now try this again: 

python manage.py