fixing paths in settings to be Path() not str()

2024-12-03 15:12:18 +00:00 · 2023-03-08 18:24:57 +00:00 · 2023-03-08 18:24:57 +00:00 · b3d9eeecd2
commit b3d9eeecd2
parent 301fa1fce1
6 changed files with 175 additions and 40 deletions
--- a/.gitignore
+++ b/.gitignore
@ -134,3 +134,5 @@ localsettings-oldMuscogee.py
 troggle.sqlite-journal - Shortcut.lnk
 troggle.sqlite - Shortcut.lnk

+_deploy/debian/localsettings-jan.py
+_deploy/debian/localsettings-nw.py
--- a/_deploy/debian/settings.py
+++ b/_deploy/debian/settings.py
@ -0,0 +1,147 @@
+"""
+Django settings for troggle project.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/dev/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/dev/ref/settings/
+"""
+# Imports should be grouped in the following order:
+
+# 1.Standard library imports.
+# 2.Related third party imports.
+# 3.Local application/library specific imports.
+# 4.You should put a blank line between each group of imports.
+
+
+
+print("*  importing troggle/settings.py")
+
+# default value, then gets overwritten by real secrets
+SECRET_KEY = "not-the-real-secret-key-a#vaeozn0---^fj!355qki*vj2"
+
+GIT = "git"  # command for running git
+
+# Note that this builds upon the django system installed
+# global settings in
+# django/conf/global_settings.py which is automatically loaded first.
+# read https://docs.djangoproject.com/en/dev/topics/settings/
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+# BASE_DIR = os.path.dirname(os.path.dirname(__file__))
+
+# Django settings for troggle project.
+
+ALLOWED_HOSTS = ["*", "expo.survex.com", ".survex.com", "localhost", "127.0.0.1", "192.168.0.5"]
+
+ADMINS = (
+    # ('Your Name', 'your_email@domain.com'),
+)
+MANAGERS = ADMINS
+
+# LOGIN_URL = '/accounts/login/' # this is the default value so does not need to be set
+
+# Local time zone for this installation. Choices can be found here:
+# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+# although not all choices may be available on all operating systems.
+# If running in a Windows environment this must be set to the same as your
+# system time zone.
+USE_TZ = True
+TIME_ZONE = "Europe/London"
+
+# Language code for this installation. All choices can be found here:
+# http://www.i18nguy.com/unicode/language-identifiers.html
+LANGUAGE_CODE = "en-uk"
+
+SITE_ID = 1
+
+# If you set this to False, Django will make some optimizations so as not
+# to load the internationalization machinery.
+USE_I18N = True
+USE_L10N = True
+
+FIX_PERMISSIONS = []
+
+# top-level survex file basename (without .svx)
+SURVEX_TOPNAME = "1623-and-1626-no-schoenberg-hs"
+
+
+# Caves for which survex files exist, but are not otherwise registered
+# replaced (?) by expoweb/cave_data/pendingcaves.txt
+# PENDING = ["1626-361", "2007-06", "2009-02",
+# "2012-ns-01", "2012-ns-02", "2010-04", "2012-ns-05", "2012-ns-06",
+# "2012-ns-07", "2012-ns-08", "2012-ns-12", "2012-ns-14", "2012-ns-15", "2014-bl888",
+# "2018-pf-01", "2018-pf-02"]
+
+APPEND_SLASH = (
+    False  # never relevant because we have urls that match unknown files and produce an 'edit this page' response
+)
+SMART_APPEND_SLASH = True  # not eorking as middleware different after Dj2.0
+
+
+LOGIN_REDIRECT_URL = "/"  # does not seem to have any effect
+
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+# SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere?
+# CSRF_COOKIE_SECURE = True # if enabled only sends cookies over SSL
+X_FRAME_OPTIONS = "DENY"  # changed to "DENY" after I eliminated all the iframes e.g. /xmlvalid.html
+
+DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"  # from Django 3.2
+
+INSTALLED_APPS = (
+    "django.contrib.admin",
+    "django.contrib.auth",  # includes the url redirections for login, logout
+    "django.contrib.contenttypes",
+    "django.contrib.sessions",
+    "django.contrib.messages",
+    "django.contrib.admindocs",
+    "django.forms",  # Required to customise widget templates
+    #    'django.contrib.staticfiles', # We put our CSS etc explicitly in the right place so do not need this
+    "troggle.core",
+)
+
+FORM_RENDERER = "django.forms.renderers.TemplatesSetting"  # Required to customise widget templates
+
+# See the recommended order of these in https://docs.djangoproject.com/en/dev/ref/middleware/
+# Note that this is a radically different onion architecture from earlier versions though it looks the same,
+# see https://docs.djangoproject.com/en/dev/topics/http/middleware/#upgrading-pre-django-1-10-style-middleware
+# Seriously, read this: https://www.webforefront.com/django/middlewaredjango.html which is MUCH BETTER than the docs
+MIDDLEWARE = [
+    #'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST # we don't use this
+    "django.middleware.gzip.GZipMiddleware",  # not needed when expofiles and photos served by apache
+    "django.contrib.sessions.middleware.SessionMiddleware",  # Manages sessions, if CSRF_USE_SESSIONS then it needs to be early
+    "django.middleware.common.CommonMiddleware",  # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
+    "django.middleware.csrf.CsrfViewMiddleware",  # Cross Site Request Forgeries by adding hidden form fields to POST
+    "django.contrib.auth.middleware.AuthenticationMiddleware",  # Adds the user attribute, representing the currently-logged-in user
+    "django.contrib.admindocs.middleware.XViewMiddleware",  # this and docutils needed by admindocs
+    "django.contrib.messages.middleware.MessageMiddleware",  # Cookie-based and session-based message support. Needed by admin system
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",  # clickjacking protection via the X-Frame-Options header
+    #'django.middleware.security.SecurityMiddleware', # SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, SECURE_REFERRER_POLICY, and SECURE_SSL_REDIRECT
+    #'troggle.core.middleware.SmartAppendSlashMiddleware' # needs adapting after Dj2.0
+]
+
+ROOT_URLCONF = "troggle.urls"
+
+WSGI_APPLICATION = "troggle.wsgi.application"  # change to asgi as soon as we upgrade to Django 3.0
+
+ACCOUNT_ACTIVATION_DAYS = 3
+
+# AUTH_PROFILE_MODULE = 'core.person' # used by removed profiles app ?
+
+QM_PATTERN = "\[\[\s*[Qq][Mm]:([ABC]?)(\d{4})-(\d*)-(\d*)\]\]"
+
+# Re-enable TinyMCE when Dj upgraded to v3. Also templates/editexpopage.html
+# TINYMCE_DEFAULT_CONFIG = {
+# 'plugins': "table,spellchecker,paste,searchreplace",
+# 'theme': "advanced",
+# }
+# TINYMCE_SPELLCHECKER = False
+# TINYMCE_COMPRESSOR = True
+
+TEST_RUNNER = "django.test.runner.DiscoverRunner"
+
+from localsettings import *
+
+# localsettings needs to take precedence. Call it to override any existing vars.
--- a/_deploy/wsl/localsettingsWSL.py
+++ b/_deploy/wsl/localsettingsWSL.py
@ -46,7 +46,6 @@ PV = "python" + str(sys.version_info.major) + "." + str(sys.version_info.minor)
 # --------------------- MEDIA redirections BEGIN ---------------------
 REPOS_ROOT_PATH = Path(__file__).parent.parent
 LIBDIR = REPOS_ROOT_PATH / "lib" / PV
-# LIBDIR  =  REPOS_ROOT_PATH / 'lib' / 'python3.9'

 TROGGLE_PATH = Path(__file__).parent
 TEMPLATE_PATH = TROGGLE_PATH / "templates"
@ -58,7 +57,12 @@ EXPOFILES = REPOS_ROOT_PATH / "expofiles"

 SCANS_ROOT = EXPOFILES / "surveyscans"
 PHOTOS_ROOT = EXPOFILES / "photos"
-PHOTOS_YEAR = "2022"
+PHOTOS_YEAR = "2023"
+NOTABLECAVESHREFS = ["290", "291", "264", "258", "204", "359", "76", "107"]
+
+
+PYTHON_PATH = REPOS_ROOT_PATH / "troggle"
+LOGFILE = PYTHON_PATH / "troggle.log"

 # URL that handles the media served from MEDIA_ROOT. Make sure to use a
 # trailing slash if there is a path component (optional in other cases).
@ -118,11 +122,6 @@ if DBSWITCH == "sqlite":
 if DBSWITCH == "mariadb":
    DATABASES = DBMARIADB

-NOTABLECAVESHREFS = ["290", "291", "359", "264", "258", "204", "76", "107"]
-
-PYTHON_PATH = REPOS_ROOT_PATH / "troggle"
-
-LOGFILE = PYTHON_PATH / "troggle.log"


 TEMPLATES = [
@ -165,29 +164,18 @@ DEFAULT_FROM_EMAIL = "django-test@klebos.net"
 SURVEX_DATA = REPOS_ROOT_PATH / "loser"
 DRAWINGS_DATA = REPOS_ROOT_PATH / "drawings"
 EXPOWEB = REPOS_ROOT_PATH / "expoweb"
-
 CAVEDESCRIPTIONS = EXPOWEB / "cave_data"
 ENTRANCEDESCRIPTIONS = EXPOWEB / "entrance_data"
+
 EXPOWEB_URL = ""
 # SCANS_URL = '/survey_scans/' # defunct, removed.

-# Sanitise these to be strings as all other code is expecting strings
-# and we have not made the change to pathlib Path type in the other localsettings-* variants yet.
-# CAVEDESCRIPTIONS = str(CAVEDESCRIPTIONS)
-# ENTRANCEDESCRIPTIONS = str(ENTRANCEDESCRIPTIONS)
-# LOGFILE = str(LOGFILE)
-# EXPOWEB = str(EXPOWEB)
-# DRAWINGS_DATA     = str(DRAWINGS_DATA)
-# SURVEX_DATA     = str(SURVEX_DATA)
-# TEMPLATE_PATH   = str(TROGGLE_PATH)
-# MEDIA_ROOT      = str(MEDIA_ROOT)
-# JSLIB_ROOT      = str(JSLIB_ROOT)
-# SCANS_ROOT    = str(SCANS_ROOT)
-# EXPOFILES = str(EXPOFILES)
-# PHOTOS_ROOT = str(PHOTOS_ROOT)
-STATIC_URL = str(STATIC_URL) + "/"
-MEDIA_URL = str(MEDIA_URL) + "/"
-# PYTHON_PATH = str(PYTHON_PATH)
-# REPOS_ROOT_PATH = str(REPOS_ROOT_PATH)
 sys.path.append(str(REPOS_ROOT_PATH))
 sys.path.append(str(PYTHON_PATH))
+#TINY_MCE_MEDIA_ROOT = STATIC_ROOT + '/tiny_mce/' # not needed while TinyMCE not installed
+#TINY_MCE_MEDIA_URL = STATIC_URL + '/tiny_mce/' # not needed while TinyMCE not installed
+
+# Sanitise these to be strings as Django seems to be particularly sensitive to crashing if they aren't
+STATIC_URL = str(STATIC_URL) + "/"
+MEDIA_URL = str(MEDIA_URL) + "/"
+
--- a/deprecations.txt
+++ b/deprecations.txt
@ -1,8 +1,2 @@
-/home/philip/p11d5/lib/python3.11/site-packages/django/http/request.py:1: DeprecationWarning: 'cgi' is deprecated and slated for removal in Python 3.13
-  import cgi
-/home/philip/p11d5/lib/python3.11/site-packages/django/utils/encoding.py:266: DeprecationWarning: Use setlocale(), getencoding() and getlocale() instead
-  encoding = locale.getdefaultlocale()[1] or 'ascii'
-/home/philip/p11d5/lib/python3.11/site-packages/django/utils/asyncio.py:19: DeprecationWarning: There is no current event loop
-  event_loop = asyncio.get_event_loop()
-/home/philip/p11d5/lib/python3.11/site-packages/django/utils/asyncio.py:19: DeprecationWarning: There is no current event loop
-  event_loop = asyncio.get_event_loop()
+/home/philip/p11d3/lib/python3.11/site-packages/django/conf/__init__.py:267: RemovedInDjango50Warning: The USE_L10N setting is deprecated. Starting with Django 5.0, localized formatting of data will always be enabled. For example Django will display numbers and dates using the format of the current locale.
+  warnings.warn(USE_L10N_DEPRECATED_MSG, RemovedInDjango50Warning)
--- a/requirements.txt
+++ b/requirements.txt
@ -1,14 +1,18 @@
 asgiref==3.6.0
 black==23.1.0
+click==8.1.3
 coverage==7.1.0
-Django==3.2
-isort==5.12
+Django==4.2b1
+docutils==0.19
+isort==5.12.0
 mypy-extensions==1.0.0
-pathspec==0.11
+packaging==23.0
+pathspec==0.11.0
 Pillow==9.4.0
+platformdirs==3.0.0
 pytz==2022.7
 ruff==0.0.245
-setuptools==67.2.0
+sqlparse==0.4.3
 Unidecode==1.3.6
 docutils==0.19

--- a/security-warnings.txt
+++ b/security-warnings.txt
@ -1,8 +1,8 @@
 System check identified some issues:

 WARNINGS:
-?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, SECURE_REFERRER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.
-?: (security.W009) Your SECRET_KEY has less than 50 characters, less than 5 unique characters, or it's prefixed with 'django-insecure-' indicating that it was generated automatically by Django. Please generate a long and random SECRET_KEY, otherwise many of Django's security-critical features will be vulnerable to attack.
+?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_REFERRER_POLICY, SECURE_CROSS_ORIGIN_OPENER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.
+?: (security.W009) Your SECRET_KEY has less than 50 characters, less than 5 unique characters, or it's prefixed with 'django-insecure-' indicating that it was generated automatically by Django. Please generate a long and random value, otherwise many of Django's security-critical features will be vulnerable to attack.
 ?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
 ?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
 ?: (security.W018) You should not have DEBUG set to True in deployment.