diff --git a/addons/aldryn-django/aldryn_config.py b/addons/aldryn-django/aldryn_config.py index d0cbf7b..e3134c5 100644 --- a/addons/aldryn-django/aldryn_config.py +++ b/addons/aldryn-django/aldryn_config.py @@ -75,7 +75,9 @@ class Form(forms.BaseForm): initial=False, help_text=( 'For example, http://example.com/ rather than ' - 'http://example.com/en/ if en (English) is the default language.' + 'http://example.com/en/ if en (English) is the default language. ' + 'If multiple languages are configured, this option will be ignored ' + 'for Django versions prior to 1.10.' ) ) session_timeout = forms.NumberField( @@ -88,6 +90,7 @@ class Form(forms.BaseForm): ) def to_settings(self, data, settings): + import django_cache_url import dj_database_url import warnings from functools import partial @@ -123,6 +126,8 @@ class Form(forms.BaseForm): ), RuntimeWarning, ) + settings['DATABASES']['default'] = dj_database_url.parse(settings['DATABASE_URL']) + if not settings['CACHE_URL']: settings['CACHE_URL'] = 'locmem://' warnings.warn( @@ -131,10 +136,10 @@ class Form(forms.BaseForm): ), RuntimeWarning, ) - - settings['DATABASES']['default'] = dj_database_url.parse(settings['DATABASE_URL']) + settings['CACHES']['default'] = django_cache_url.parse(settings['CACHE_URL']) settings['ROOT_URLCONF'] = env('ROOT_URLCONF', 'urls') + settings['ADDON_URLS'].append('aldryn_django.urls') settings['ADDON_URLS_I18N'].append('aldryn_django.i18n_urls') settings['WSGI_APPLICATION'] = 'wsgi.application' @@ -164,13 +169,13 @@ class Form(forms.BaseForm): 'context_processors': [ 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', - 'django.template.context_processors.i18n', - 'django.template.context_processors.debug', - 'django.template.context_processors.request', - 'django.template.context_processors.media', - 'django.template.context_processors.csrf', - 'django.template.context_processors.tz', - 'django.template.context_processors.static', + 'django.core.context_processors.i18n', + 'django.core.context_processors.debug', + 'django.core.context_processors.request', + 'django.core.context_processors.media', + 'django.core.context_processors.csrf', + 'django.core.context_processors.tz', + 'django.core.context_processors.static', 'aldryn_django.context_processors.debug', ], 'loaders': loader_list_class([ @@ -210,7 +215,6 @@ class Form(forms.BaseForm): self.logging_settings(settings, env=env) # Order matters, sentry settings rely on logging being configured. self.sentry_settings(settings, env=env) - self.cache_settings(settings, env=env) self.storage_settings_for_media(settings, env=env) self.storage_settings_for_static(data, settings, env=env) self.email_settings(data, settings, env=env) @@ -300,6 +304,23 @@ class Form(forms.BaseForm): 'django.middleware.security.SecurityMiddleware', ) + # Add the debreach middlewares to counter CRIME/BREACH attacks. + # We always add it even if the GZipMiddleware is not enabled because + # we cannot assume that every upstream proxy implements a + # countermeasure itself. + s['RANDOM_COMMENT_EXCLUDED_VIEWS'] = set([]) + if 'django.middleware.gzip.GZipMiddleware' in s['MIDDLEWARE_CLASSES']: + index = s['MIDDLEWARE_CLASSES'].index('django.middleware.gzip.GZipMiddleware') + 1 + else: + index = 0 + s['MIDDLEWARE_CLASSES'].insert(index, 'aldryn_django.middleware.RandomCommentExclusionMiddleware') + s['MIDDLEWARE_CLASSES'].insert(index, 'debreach.middleware.RandomCommentMiddleware') + if 'django.middleware.csrf.CsrfViewMiddleware' in s['MIDDLEWARE_CLASSES']: + s['MIDDLEWARE_CLASSES'].insert( + s['MIDDLEWARE_CLASSES'].index('django.middleware.csrf.CsrfViewMiddleware'), + 'debreach.middleware.CSRFCryptMiddleware', + ) + def server_settings(self, settings, env): settings['PORT'] = env('PORT', 80) settings['BACKEND_PORT'] = env('BACKEND_PORT', 8000) @@ -388,12 +409,6 @@ class Form(forms.BaseForm): 'class': 'raven.contrib.django.raven_compat.handlers.SentryHandler', } - def cache_settings(self, settings, env): - import django_cache_url - cache_url = env('CACHE_URL') - if cache_url: - settings['CACHES']['default'] = django_cache_url.parse(cache_url) - def storage_settings_for_media(self, settings, env): import yurl from aldryn_django.storage import parse_storage_url @@ -492,18 +507,41 @@ class Form(forms.BaseForm): def i18n_settings(self, data, settings, env): settings['ALL_LANGUAGES'] = list(settings['LANGUAGES']) settings['ALL_LANGUAGES_DICT'] = dict(settings['ALL_LANGUAGES']) - languages = [ - (code, settings['ALL_LANGUAGES_DICT'][code]) - for code in json.loads(data['languages']) - ] - settings['LANGUAGE_CODE'] = languages[0][0] + settings['USE_L10N'] = True settings['USE_I18N'] = True - settings['LANGUAGES'] = languages + + def language_codes_to_tuple(codes): + return [ + (code, settings['ALL_LANGUAGES_DICT'][code]) + for code in codes + ] + langs_from_env = env('LANGUAGES', None) + lang_codes_from_env = env('LANGUAGE_CODES', None) + langs_from_form = json.loads(data['languages']) + + if langs_from_env: + settings['LANGUAGES'] = langs_from_env + elif lang_codes_from_env: + settings['LANGUAGES'] = language_codes_to_tuple(lang_codes_from_env) + else: + settings['LANGUAGES'] = language_codes_to_tuple(langs_from_form) + + lang_code_from_env = env('LANGUAGE_CODE', None) + if lang_code_from_env: + settings['LANGUAGE_CODE'] = lang_code_from_env + else: + settings['LANGUAGE_CODE'] = settings['LANGUAGES'][0][0] + settings['LOCALE_PATHS'] = [ os.path.join(settings['BASE_DIR'], 'locale'), ] - settings['PREFIX_DEFAULT_LANGUAGE'] = not data['disable_default_language_prefix'] + + if len(settings['LANGUAGES']) <= 1: + settings['PREFIX_DEFAULT_LANGUAGE'] = not data['disable_default_language_prefix'] + else: + # this is not supported for django versions < 1.10 + settings['PREFIX_DEFAULT_LANGUAGE'] = True if not settings['PREFIX_DEFAULT_LANGUAGE']: settings['MIDDLEWARE_CLASSES'].insert( diff --git a/requirements.in b/requirements.in index e0c0d5c..cfab83b 100644 --- a/requirements.in +++ b/requirements.in @@ -1,6 +1,6 @@ # # Warning: text inside the INSTALLED_ADDONS tags is auto-generated. Manual changes will be overwritten. https://control.divio.com/api/v1/apps/serve/aldryn-addons/1.0.2/24f5d1c8-66fe-43b2-a540-17d61045a72b/aldryn-addons-1.0.2.tar.gz#egg=aldryn-addons==1.0.2 -https://control.divio.com/api/v1/apps/serve/aldryn-django/1.10.8.4/2e6f0c94-2f00-42dc-9db2-9f15727b6616/aldryn-django-1.10.8.4.tar.gz#egg=aldryn-django==1.10.8.4 +https://control.divio.com/api/v1/apps/serve/aldryn-django/1.9.13.5/5b23a95a-a626-40a7-9db7-87b6bc1e2ff8/aldryn-django-1.9.13.5.tar.gz#egg=aldryn-django==1.9.13.5 https://control.divio.com/api/v1/apps/serve/aldryn-sso/1.1.16/dbe0c45a-c981-4beb-8624-b0d2c4196aa0/aldryn-sso-1.1.16.tar.gz#egg=aldryn-sso==1.1.16 https://control.divio.com/api/v1/apps/serve/aldryn-django-cms/3.5.1.3/2dd6f80a-825c-4aaf-b37f-519a6c46108e/aldryn-django-cms-3.5.1.3.tar.gz#egg=aldryn-django-cms==3.5.1.3 https://control.divio.com/api/v1/apps/serve/aldryn-forms/2.2.8/fbefab76-74bf-445a-8288-7937b5750aa4/aldryn-forms-2.2.8.tar.gz#egg=aldryn-forms==2.2.8