From fe47f9f07e891244f2923b7fdf30a1fa67f6d310 Mon Sep 17 00:00:00 2001
From: Daniel Quinn
Date: Sun, 10 Jan 2016 13:40:26 +0000
Subject: [PATCH] Better handling of the passphrase
---
 README.md | 16 ++++++++++------
 src/manage.py | 5 ++---
 src/paperless/settings.py | 16 ++++++++++++++--
 3 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index ec4ab4aca..ea00d1af8 100644
--- a/README.md
+++ b/README.md
@@ -55,14 +55,18 @@ powerful tools.
 * `CONVERT_BINARY`: The path to `convert`, installed as part of ImageMagick.
 * `SCRATCH_DIR`: A place for files to be created and destroyed. The default is as good a place as any.
- * `CONSUMPTION_DIR`: The directory you scanner will be depositing files.
- Note that the consumption script will import files from here **and then
- delete them**.
+ * `CONSUMPTION_DIR`: The directory into which your scanner will be
+ depositing files. Note that the consumption script will import files from
+ here **and then delete them**.
+ * `PASSPHRASE`: You can set this here, or allow the running of the service
+ to ask you for it each time you start. If you store the value here, you
+ should probably set the permissions on `settings.py` to `0400`.
-3. Run `python manage.py migrate`. This will create your local database.
+3. Run `python manage.py migrate`. This will create your local database if it
+ doesn't exist. You should probably change the permissions on this database
+ file to 0600.
-4. Run `python manage.py consume` and enter your preferred passphrase when
- prompted.
+4. Run `python manage.py consume`.
 5. Start the webserver with `python manage.py runserver` and enter the same passphrase when prompted.
diff --git a/src/manage.py b/src/manage.py
index ed6281d2c..fe521ae0b 100755
--- a/src/manage.py
+++ b/src/manage.py
@@ -11,9 +11,8 @@ if __name__ == "__main__":
 # The runserver and consumer need to have access to the passphrase, so it
 # must be entered at start time to keep it safe.
 if "runserver" in sys.argv or "consume" in sys.argv:
- settings.PASSPHRASE = "asdf"
- if not settings.DEBUG:
+ if not settings.PASSPHRASE:
 settings.PASSPHRASE = input(
- "Production environment. Input passphrase: ")
+ "settings.PASSPHRASE is unset. Input passphrase: ")
 execute_from_command_line(sys.argv)
diff --git a/src/paperless/settings.py b/src/paperless/settings.py
index a910148c5..85dfcecae 100644
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -84,6 +84,13 @@ DATABASES = {
 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
 }
 }
+if os.environ.get("PAPERLESS_DBUSER") and os.environ.get("PAPERLESS_DBPASS"):
+ DATABASES["default"] = {
+ "ENGINE": "django.db.backends.postgresql_psycopg2",
+ "NAME": os.environ.get("PAPERLESS_DBNAME", "paperless"),
+ "USER": os.environ.get("PAPERLESS_DBUSER"),
+ "PASSWORD": os.environ.get("PAPERLESS_DBPASS")
+ }
 # Password validation
@@ -132,8 +139,13 @@ MEDIA_URL = "/media/"
 # Paperless-specific stuffs
 # Change these paths if yours are different
+GNUPG_HOME = os.environ.get("HOME", "/dev/null")
 CONVERT_BINARY = "/usr/bin/convert"
 SCRATCH_DIR = "/tmp/paperless" # Will be created if it doesn't exist
 CONSUMPTION_DIR = "/tmp/paperless/consume"
-GNUPG_HOME = os.environ.get("HOME", "/dev/null")
-PASSPHRASE = None # Set via manage.py
+
+# Set this and change the permissions on this file to 0600, or set it to
+# `None` and you'll be prompted for the passphrase at runtime. The default
+# looks for an environment variable.
+PASSPHRASE = os.environ.get("PAPERLESS_PASSPHRASE")
+
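Review bot: The passphrase prompt still goes through `input(`, which echoes what is typed to the terminal and leaves it in scrollback or a session recording; now that this prompt is the fallback whenever `settings.PASSPHRASE` is unset, it should read `settings.PASSPHRASE = getpass.getpass("settings.PASSPHRASE is unset. Input passphrase: ")`, with `import getpass` added at the top of `manage.py`. An empty answer is also accepted and leaves the passphrase falsy; what the consumer does with an empty value is not visible here, so a re-prompt or an explicit exit would be safer. The comment above the `if` ("must be entered at start time to keep it safe") no longer matches the behaviour and could become `# The runserver and consumer need the passphrase; prompt only when settings does not provide one.` The `if __name__ == "__main__":` block starts outside this hunk.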
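Review bot: The PostgreSQL override in the `DATABASES` hunk applies only when both `PAPERLESS_DBUSER` and `PAPERLESS_DBPASS` are non-empty, so a deployment that sets just the user, or misspells either name, silently keeps the SQLite default and documents land in a different database than the operator intended. A comment above the `if` would make that contract explicit, for example `# PostgreSQL is used only when PAPERLESS_DBUSER and PAPERLESS_DBPASS are both set; otherwise the SQLite default above stays in effect.` No `HOST` or `PORT` is given, so presumably a local server is expected, which is worth stating in the same comment. These variables are not mentioned in the README change of this commit.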
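Review bot: The new comment above `PASSPHRASE` tells the operator to set this file to `0600`, while the README text added in the same commit says `0400`; one of the two should change so the guidance agrees. The comment should also name the variable it reads and note that a passphrase taken from the environment is passed on to any child process the service starts (the file configures `CONVERT_BINARY`, so it presumably launches at least one), for example `# The default reads PAPERLESS_PASSPHRASE; environment variables are inherited by child processes.` An empty `PAPERLESS_PASSPHRASE` behaves like an unset one, because `manage.py` tests `if not settings.PASSPHRASE:`.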