diff options
| author | Alexis Métaireau <alexis@notmyidea.org> | 2017-06-21 01:49:32 +0200 |
|---|---|---|
| committer | JocelynDelalande <JocelynDelalande@users.noreply.github.com> | 2017-06-27 08:06:38 +0200 |
| commit | 9adc48b50d0f663d9ad90ec464859228b2a5c629 (patch) | |
| tree | ce508edd94a66ce8781ef50eb5c4a4f80bd994c7 | |
| parent | a8360854489d060367cc17ef7933c867228a88e1 (diff) | |
| download | ihatemoney-mirror-9adc48b50d0f663d9ad90ec464859228b2a5c629.zip ihatemoney-mirror-9adc48b50d0f663d9ad90ec464859228b2a5c629.tar.gz ihatemoney-mirror-9adc48b50d0f663d9ad90ec464859228b2a5c629.tar.bz2 | |
Warn user when using default 'not-so-secret' secret-key.
| -rw-r--r-- | budget/run.py | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/budget/run.py b/budget/run.py index b576f72..7fe4e24 100644 --- a/budget/run.py +++ b/budget/run.py @@ -12,6 +12,8 @@ from api import api from utils import PrefixedWSGI from utils import minimal_round +import default_settings + app = Flask(__name__, instance_path='/etc/ihatemoney', instance_relative_config=True) @@ -41,12 +43,18 @@ def configure(): app.config.from_pyfile('ihatemoney.cfg', silent=True) app.wsgi_app = PrefixedWSGI(app) + if app.config['SECRET_KEY'] == default_settings.SECRET_KEY: + warnings.warn( + "Running a server without changing the SECRET_KEY can lead to" + + " user impersonation. Please update your configuration file.", + UserWarning + ) # Deprecations if 'DEFAULT_MAIL_SENDER' in app.config: # Since flask-mail 0.8 warnings.warn( "DEFAULT_MAIL_SENDER is deprecated in favor of MAIL_DEFAULT_SENDER" - +" and will be removed in further version", + + " and will be removed in further version", UserWarning ) if not 'MAIL_DEFAULT_SENDER' in app.config: |