From cdc5401dc2475f9b4722dcac87249f1bfb5ec8d0 Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Mon, 7 Oct 2024 16:31:24 +0200 Subject: [PATCH] Allow to set fallback secret keys (#4482) --- doc/admin/config.rst | 4 ++++ src/pretix/settings.py | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/doc/admin/config.rst b/doc/admin/config.rst index 5c2e74b2bb..b17aee56c2 100644 --- a/doc/admin/config.rst +++ b/doc/admin/config.rst @@ -294,6 +294,10 @@ Example:: setting is not provided, pretix will generate a random secret on the first start and will store it in the filesystem for later usage. +``secret_fallback0`` ... ``secret_fallback9`` + Prior versions of the secret to be used by Django for signing and verification purposes that will still + be accepted but no longer be used for new signing. + ``debug`` Whether or not to run in debug mode. Default is ``False``. diff --git a/src/pretix/settings.py b/src/pretix/settings.py index eab7e20df2..49a9db52be 100644 --- a/src/pretix/settings.py +++ b/src/pretix/settings.py @@ -94,6 +94,13 @@ else: pass # os.chown is not available on Windows f.write(SECRET_KEY) + +SECRET_KEY_FALLBACKS = [] +for i in range(10): + if config.has_option('django', f'secret_fallback{i}'): + SECRET_KEY_FALLBACKS.append(config.get('django', f'secret_fallback{i}')) + + # Adjustable settings debug_fallback = "runserver" in sys.argv or "runserver_plus" in sys.argv