From c2555c363fa82077d7353cb297548b3de98dc5d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?=
Date: Tue, 12 Mar 2024 19:57:02 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F=20Ensure=20the=20default?= =?UTF-8?q?=20values=20of=20"changethis"=20are=20not=20deployed=20(#698)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/app/core/config.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/backend/app/core/config.py b/backend/app/core/config.py
index 56d09ee..41de80f 100644
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -1,4 +1,5 @@
 import secrets
+import warnings
 from typing import Annotated, Any, Literal
 from pydantic import (
@@ -76,7 +77,7 @@ class Settings(BaseSettings):
 EMAILS_FROM_NAME: str | None = None
 @model_validator(mode="after")
- def set_default_emails_from(self) -> Self:
+ def _set_default_emails_from(self) -> Self:
 if not self.EMAILS_FROM_NAME:
 self.EMAILS_FROM_NAME = self.PROJECT_NAME
 return self
@@ -95,5 +96,26 @@ class Settings(BaseSettings):
 FIRST_SUPERUSER_PASSWORD: str
 USERS_OPEN_REGISTRATION: bool = False
+ def _check_default_secret(self, var_name: str, value: str | None) -> None:
+ if value == "changethis":
+ message = (
+ f'The value of {var_name} is "changethis", '
+ "for security, please change it, at least for deployments."
+ )
+ if self.ENVIRONMENT == "local":
+ warnings.warn(message, stacklevel=1)
+ else:
+ raise ValueError(message)
+
+ @model_validator(mode="after")
+ def _enforce_non_default_secrets(self) -> Self:
+ self._check_default_secret("SECRET_KEY", self.SECRET_KEY)
+ self._check_default_secret("POSTGRES_PASSWORD", self.POSTGRES_PASSWORD)
+ self._check_default_secret(
+ "FIRST_SUPERUSER_PASSWORD", self.FIRST_SUPERUSER_PASSWORD
+ )
+
+ return self
+
 settings = Settings() # type: ignore
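Review bot: In `_check_default_secret` (third hunk), the `if self.ENVIRONMENT == "local"` branch downgrades the failure to a warning, so the guard only blocks a deployment whose ENVIRONMENT is set to a non-local value; the ENVIRONMENT field is declared outside this hunk, and if it defaults to "local" a deployment that omits it would start with the "changethis" secrets and only emit a warning. That contract should be stated where the check lives, for example with the docstring `"""Reject the placeholder "changethis" unless ENVIRONMENT == "local"; deployments must set ENVIRONMENT explicitly."""`. The comparison is an exact match on one placeholder, so an empty or otherwise weak value still passes and is worth a comment saying it is out of scope here. `stacklevel=1` is already the default for `warnings.warn`, so `warnings.warn(message)` is equivalent. The Settings class starts and ends outside the hunk.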