Set the SECRET_KEY default value back to "---"

Previously, I had changed the default value to "", to force users to set the SECRET_KEY value (the app refuses to start if SECRET_KEY is empty). The problem with that is, out of the box, with the default configuration, the tests also don't run and complain about the empty SECRET_KEY. So, a compromise: revert back to the default value "---". At runtime, if SECRET_KEY has the default value, show a warning at the top of every page.
4 years ago · 45078e6566
--- a/docker/.env
+++ b/docker/.env
@ -38,7 +38,7 @@ PUSHOVER_SUBSCRIPTION_URL=
 REGISTRATION_OPEN=True
 REMOTE_USER_HEADER=
 RP_ID=
 SECRET_KEY=
 SECRET_KEY=---
 SHELL_ENABLED=False
 SIGNAL_CLI_ENABLED=False
 SITE_NAME=Mychecks
--- a/hc/front/templatetags/hc_extras.py
+++ b/hc/front/templatetags/hc_extras.py
@ -70,6 +70,15 @@ def debug_warning():
        """
        )
    if settings.SECRET_KEY == "---":
        return mark_safe(
            """
            <div id="debug-warning">
            Running with an insecure SECRET_KEY value, do not use in production.
            </div>
        """
        )
    return ""
--- a/hc/front/tests/test_basics.py
+++ b/hc/front/tests/test_basics.py
@ -3,15 +3,22 @@ from django.test.utils import override_settings
 class BasicsTestCase(TestCase):
    @override_settings(DEBUG=False, SECRET_KEY="abc")
    def test_it_shows_welcome(self):
        r = self.client.get("/")
        self.assertContains(r, "Get Notified", status_code=200)
        self.assertNotContains(r, "do not use in production")
    @override_settings(DEBUG=True)
    @override_settings(DEBUG=True, SECRET_KEY="abc")
    def test_it_shows_debug_warning(self):
        r = self.client.get("/")
        self.assertContains(r, "do not use in production")
        self.assertContains(r, "Running in debug mode")
    @override_settings(DEBUG=False, SECRET_KEY="---")
    def test_it_shows_secret_key_warning(self):
        r = self.client.get("/")
        self.assertContains(r, "Get Notified", status_code=200)
        self.assertContains(r, "Running with an insecure SECRET_KEY value")
    @override_settings(REGISTRATION_OPEN=False)
    def test_it_obeys_registration_open(self):
--- a/hc/settings.py
+++ b/hc/settings.py
@ -26,7 +26,7 @@ def envint(s, default):
    return int(v)
 SECRET_KEY = os.getenv("SECRET_KEY", "")
 SECRET_KEY = os.getenv("SECRET_KEY", "---")
 METRICS_KEY = os.getenv("METRICS_KEY")
 DEBUG = envbool("DEBUG", "True")
 ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS", "*").split(",")
--- a/templates/docs/self_hosted_configuration.html
+++ b/templates/docs/self_hosted_configuration.html
@ -230,8 +230,9 @@ if your site runs on <code>https://my-hc.example.org</code>, set <code>RP_ID</co
 locally with a self-signed certificate, you can use the <code>runsslserver</code> command
 from the <code>django-sslserver</code> package.</p>
 <h2 id="SECRET_KEY"><code>SECRET_KEY</code></h2>
 <p>Default: <code>""</code> (empty string)</p>
 <p>A secret key used for cryptographic signing.</p>
 <p>Default: <code>---</code></p>
 <p>A secret key used for cryptographic signing, and should be set to a unique,
 unpredictable value.</p>
 <p>This is a standard Django setting, read more in
 <a href="https://docs.djangoproject.com/en/3.1/ref/settings/#secret-key">Django documentation</a>.</p>
 <h2 id="SHELL_ENABLED"><code>SHELL_ENABLED</code></h2>
--- a/templates/docs/self_hosted_configuration.md
+++ b/templates/docs/self_hosted_configuration.md
@ -370,9 +370,10 @@ from the `django-sslserver` package.
 ## `SECRET_KEY` {: #SECRET_KEY }
 Default: `""` (empty string)
 Default: `---`
 A secret key used for cryptographic signing.
 A secret key used for cryptographic signing, and should be set to a unique,
 unpredictable value.
 This is a standard Django setting, read more in
 [Django documentation](https://docs.djangoproject.com/en/3.1/ref/settings/#secret-key).