From d43ce1bdb278c021d18e9a5af26f68dc2711c7f1 Mon Sep 17 00:00:00 2001 From: Philip Sargent Date: Mon, 26 Apr 2021 18:42:10 +0100 Subject: [PATCH] rename TUNNEL_DATA as DRAWINGS_DATA --- core/views/statistics.py | 4 ++-- core/views/surveys.py | 4 ++-- localsettingsWSL.py | 10 +++++----- localsettingsdocker.py | 2 +- localsettingspotatohut.py | 2 +- localsettingsserver.py | 2 +- localsettingsubuntu.py | 2 +- parsers/surveys.py | 6 +++--- security-warnings.txt | 6 +++--- 9 files changed, 19 insertions(+), 19 deletions(-) diff --git a/core/views/statistics.py b/core/views/statistics.py index c317d43..395858b 100644 --- a/core/views/statistics.py +++ b/core/views/statistics.py @@ -53,7 +53,7 @@ def pathsreport(request): "SURVEYS_URL" : str( settings.SURVEYS_URL), "SURVEXPORT" : str( settings.SURVEXPORT), "THREEDCACHEDIR" : str( settings.THREEDCACHEDIR), - "TUNNEL_DATA" : str( settings.TUNNEL_DATA), + "DRAWINGS_DATA" : str( settings.DRAWINGS_DATA), "URL_ROOT" : str( settings.URL_ROOT) } except: @@ -90,7 +90,7 @@ def pathsreport(request): "SURVEYS_URL" : type(settings.SURVEYS_URL), "SURVEXPORT" : type(settings.SURVEXPORT), "THREEDCACHEDIR" : type(settings.THREEDCACHEDIR), - "TUNNEL_DATA" : type(settings.TUNNEL_DATA), + "DRAWINGS_DATA" : type(settings.DRAWINGS_DATA), "URL_ROOT" : type(settings.URL_ROOT) } except: diff --git a/core/views/surveys.py b/core/views/surveys.py index d2d2fac..c54d6de 100644 --- a/core/views/surveys.py +++ b/core/views/surveys.py @@ -64,7 +64,7 @@ def dwgfilesingle(request, path): message = f'Drawing file error or not found \'{path}\' .' return render(request, 'errors/generic.html', {'message': message}) - tfile = Path(settings.TUNNEL_DATA, dwgfile.dwgpath) + tfile = Path(settings.DRAWINGS_DATA, dwgfile.dwgpath) try: # for display not download return HttpResponse(content=open(tfile, errors='strict'), content_type="text/xhtml") except UnicodeDecodeError: 
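Review bot: The bare `except:` that follows the settings dict in pathsreport (here and again around the `type(...)` dict in the -90,7 hunk) catches the AttributeError that `settings.DRAWINGS_DATA` raises when a local settings file still defines only TUNNEL_DATA, so a half-finished rename may be hidden rather than reported. The handler body is outside the hunk, so what the page shows in that case cannot be seen from here. I would narrow it to `except AttributeError as e:` and log `e`, so the missing setting is named. Since this view lists absolute server paths, it is also worth confirming that it is reachable only by logged-in users.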
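Review bot: `Path(settings.DRAWINGS_DATA, dwgfile.dwgpath)` in dwgfilesingle (and the identical line in dwgfileupload, -86,7 hunk) is not confined to the drawings directory: an absolute `dwgpath` replaces the base entirely and `..` segments are kept, and the result is then opened and returned inline. How `dwgfile` is looked up is outside the hunk, so this matters only if `dwgpath` can ever hold something other than a path recorded by the importer. A cheap guard is `tfile = Path(settings.DRAWINGS_DATA, dwgfile.dwgpath).resolve()` followed by `if Path(settings.DRAWINGS_DATA).resolve() not in tfile.parents:` returning the generic error page. Separately, `text/xhtml` is not a registered media type, so browser handling of the response is not well defined; a registered XML type would make the inline display predictable.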
@@ -86,7 +86,7 @@ def dwgfileupload(request, path): except: message = f'Drawing file error or not found \'{path}\' .' return render(request, 'errors/generic.html', {'message': message}) - tfile = Path(settings.TUNNEL_DATA, dwgfile.dwgpath) + tfile = Path(settings.DRAWINGS_DATA, dwgfile.dwgpath) project, user, password, tunnelversion = request.POST["tunnelproject"], request.POST["tunneluser"], request.POST["tunnelpassword"], request.POST["tunnelversion"] print(project, user, tunnelversion) diff --git a/localsettingsWSL.py b/localsettingsWSL.py index 76dc3aa..f9e2dd1 100644 --- a/localsettingsWSL.py +++ b/localsettingsWSL.py @@ -112,14 +112,14 @@ TEMPLATES = [ 'context_processors': [ # django.template.context_processors.csrf, # is always enabled and cannot be removed, sets csrf_token 'django.contrib.auth.context_processors.auth', # knowledge of logged-on user & permissions - 'core.context.troggle_context', # in core/troggle.py + 'core.context.troggle_context', # in core/troggle.py - only used in expedition.html 'django.template.context_processors.debug', - #'django.template.context_processors.request', # copy of current request, added in trying to make csrf work 'django.template.context_processors.i18n', 'django.template.context_processors.media', # includes a variable MEDIA_URL 'django.template.context_processors.static', # includes a variable STATIC_URL 'django.template.context_processors.tz', - 'django.contrib.messages.context_processors.messages', + 'django.template.context_processors.request', # must be enabled in DjangoTemplates (TEMPLATES) in order to use the admin navigation sidebar. + 'django.contrib.messages.context_processors.messages', ], 'loaders': [ 'django.template.loaders.filesystem.Loader', # default lcation is troggle/templates/ 
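Review bot: dwgfileupload indexes `request.POST[...]` directly for all four fields, so a request missing any one of them raises a KeyError subclass and ends as a 500 instead of a handled error; `request.POST.get("tunnelproject")` and so on, with an explicit rejection, would match the error handling just above. The `print(project, user, tunnelversion)` call writes submitted values to stdout; it correctly leaves out `password`, but a `logging` call at debug level would be easier to control in deployment. What the function does with `password` is outside the hunk.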
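Review bot: The trailing comment on `'core.context.troggle_context'` says `# in core/troggle.py`, but the dotted path presumably resolves to core/context.py, so the comment points readers at the wrong module; `# in core/context.py - only used in expedition.html` would match. This hunk also enables `django.template.context_processors.request`, which the commit subject does not mention and which appears only in localsettingsWSL.py in this patch. If the admin navigation sidebar is wanted on the other deployments, their TEMPLATES settings presumably need the same line.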
@@ -145,7 +145,7 @@ EMAIL_USE_TLS = True DEFAULT_FROM_EMAIL = 'django-test@klebos.net' SURVEX_DATA = REPOS_ROOT_PATH / "loser" -TUNNEL_DATA = REPOS_ROOT_PATH / "drawings" +DRAWINGS_DATA = REPOS_ROOT_PATH / "drawings" THREEDCACHEDIR = REPOS_ROOT_PATH / 'expowebcache' / '3d' EXPOWEB = REPOS_ROOT_PATH / "expoweb" @@ -163,7 +163,7 @@ LOGFILE = os.fspath(LOGFILE) SURVEYS = os.fspath(SURVEYS) EXPOWEB = os.fspath(EXPOWEB) THREEDCACHEDIR = os.fspath(THREEDCACHEDIR) -TUNNEL_DATA = os.fspath(TUNNEL_DATA) +DRAWINGS_DATA = os.fspath(DRAWINGS_DATA) SURVEX_DATA = os.fspath(SURVEX_DATA) REPOS_ROOT_PATH = os.fspath(REPOS_ROOT_PATH) TEMPLATE_PATH = os.fspath(TROGGLE_PATH) diff --git a/localsettingsdocker.py b/localsettingsdocker.py index e9a6650..2e51398 100644 --- a/localsettingsdocker.py +++ b/localsettingsdocker.py @@ -23,7 +23,7 @@ sys.path.append(REPOS_ROOT_PATH + 'troggle') PUBLIC_SITE = False SURVEX_DATA = REPOS_ROOT_PATH + 'loser/' -TUNNEL_DATA = REPOS_ROOT_PATH + 'tunneldata/' +DRAWINGS_DATA = REPOS_ROOT_PATH + 'tunneldata/' CAVERN = 'cavern' THREEDTOPOS = '3dtopos' diff --git a/localsettingspotatohut.py b/localsettingspotatohut.py index 2322b3e..753cce4 100644 --- a/localsettingspotatohut.py +++ b/localsettingspotatohut.py @@ -26,7 +26,7 @@ PUBLIC_SITE = True FIX_PERMISSIONS = ["sudo", "/usr/local/bin/fix_permissions"] SURVEX_DATA = REPOS_ROOT_PATH + 'loser/' -TUNNEL_DATA = REPOS_ROOT_PATH + 'tunneldata/' +DRAWINGS_DATA = REPOS_ROOT_PATH + 'tunneldata/' THREEDCACHEDIR = REPOS_ROOT_PATH + 'expowebcache/3d/' CAVERN = 'cavern' diff --git a/localsettingsserver.py b/localsettingsserver.py index aaceef0..53b638c 100644 --- a/localsettingsserver.py +++ b/localsettingsserver.py @@ -73,7 +73,7 @@ PUBLIC_SITE = True DEBUG = True SURVEX_DATA = REPOS_ROOT_PATH + 'loser/' -TUNNEL_DATA = REPOS_ROOT_PATH + 'tunneldata/' +DRAWINGS_DATA = REPOS_ROOT_PATH + 'tunneldata/' CAVERN = 'cavern' THREEDTOPOS = 'survexport' 
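Review bot: The renamed setting still points at `'tunneldata/'` here in localsettingsdocker.py, and likewise in the potatohut, server and ubuntu hunks, while localsettingsWSL.py uses `REPOS_ROOT_PATH / "drawings"`. If the repository directory was renamed along with the setting, these four files now point at a directory that does not exist. If it was not, a comment such as `# directory is still named tunneldata on this machine` would stop the mismatch from looking like an oversight.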
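Review bot: localsettingsserver.py keeps `DEBUG = True` next to `PUBLIC_SITE = True` around this hunk, and security-warnings.txt in this same patch still lists security.W018, whichever settings file that check was run against. With DEBUG on, Django's error pages show stack frames, local variables and most settings to whoever triggers an exception, which includes the filesystem paths configured here. If this file is what the public server runs, `DEBUG = False` with ALLOWED_HOSTS set is the change to make; if it is deliberately a test configuration, a comment saying so would help.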
diff --git a/localsettingsubuntu.py b/localsettingsubuntu.py index 9832176..d0ab9fd 100644 --- a/localsettingsubuntu.py +++ b/localsettingsubuntu.py @@ -26,7 +26,7 @@ sys.path.append(REPOS_ROOT_PATH + 'troggle') PUBLIC_SITE = False SURVEX_DATA = REPOS_ROOT_PATH + 'loser/' -TUNNEL_DATA = REPOS_ROOT_PATH + 'tunneldata/' +DRAWINGS_DATA = REPOS_ROOT_PATH + 'tunneldata/' THREEDCACHEDIR = REPOS_ROOT_PATH + 'expowebcache/3d/' CAVERN = 'cavern' diff --git a/parsers/surveys.py b/parsers/surveys.py index a0cf520..2e75561 100644 --- a/parsers/surveys.py +++ b/parsers/surveys.py @@ -179,7 +179,7 @@ def settherionfileinfo(filetuple): ''' thtype, therionfile = filetuple - ff = os.path.join(settings.TUNNEL_DATA, therionfile.dwgpath) + ff = os.path.join(settings.DRAWINGS_DATA, therionfile.dwgpath) therionfile.filesize = os.stat(ff)[stat.ST_SIZE] if therionfile.filesize <= 0: message = "! Zero length therion file {}".format(ff) @@ -229,7 +229,7 @@ def setdwgfileinfo(dwgfile): Should try to read the date too e.g. tunneldate="2010-08-16 22:51:57 then we could display on the master calendar per expo. ''' - ff = os.path.join(settings.TUNNEL_DATA, dwgfile.dwgpath) + ff = os.path.join(settings.DRAWINGS_DATA, dwgfile.dwgpath) dwgfile.filesize = os.stat(ff)[stat.ST_SIZE] if dwgfile.filesize <= 0: message = "! Zero length xml file {}".format(ff) @@ -260,7 +260,7 @@ def load_drawings_files(): '''Breadth first search of drawings directory looking for sub-directories and *.xml filesize ''' all_xml = [] - drawdatadir = settings.TUNNEL_DATA + drawdatadir = settings.DRAWINGS_DATA DrawingFile.objects.all().delete() DataIssue.objects.filter(parser='Drawings').delete() DataIssue.objects.filter(parser='Therion').delete() diff --git a/security-warnings.txt b/security-warnings.txt index 6c90561..edfad59 100644 --- a/security-warnings.txt +++ b/security-warnings.txt 
@@ -2,9 +2,9 @@ System check identified some issues: WARNINGS: ?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect. -?: (security.W002) You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks. -?: (security.W003) You don't appear to be using Django's built-in cross-site request forgery protection via the middleware ('django.middleware.csrf.CsrfViewMiddleware' is not in your MIDDLEWARE). Enabling the middleware is the safest approach to ensure you don't leave any holes. -?: (security.W010) You have 'django.contrib.sessions' in your INSTALLED_APPS, but you have not set SESSION_COOKIE_SECURE to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. +?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. +?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. ?: (security.W018) You should not have DEBUG set to True in deployment. +?: (security.W019) You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'. 
System check identified 5 issues (0 silenced).