Switched ALLOW_ANONYMOUS_POST to True by default.

- Also added warnings for potentially insecure configuration

Switched ALLOW_ANONYMOUS_POST to True by default.
- Also added warnings for potentially insecure configuration
d0483f4e · Mark Watts · 8b12ff81 · d0483f4e · d0483f4e · d0483f4e
Commit d0483f4e authored Feb 28, 2017 by Mark Watts
--- a/codespeed/__init__.py
+++ b/codespeed/__init__.py
+default_app_config = 'codespeed.apps.CodespeedConfig'
--- a/codespeed/apps.py
+++ b/codespeed/apps.py
+from django.apps import AppConfig
+from django.conf import settings
+
+
+class CodespeedConfig(AppConfig):
+    name = 'codespeed'
+
+    def ready(self):
+        import warnings
+        if settings.ALLOW_ANONYMOUS_POST:
+            warnings.warn("Results can be posted by unregistered users")
+            warnings.warn(
+                "In the future anonymous posting will be disabled by default",
+                category=FutureWarning)
+        elif not settings.REQUIRE_SECURE_AUTH:
+            warnings.warn(
+                "REQUIRE_SECURE_AUTH is not True. This server may prompt for"
+                " user credentials to be submitted in plaintext")
--- a/codespeed/settings.py
+++ b/codespeed/settings.py
@@ -70,5 +70,5 @@ COMP_EXECUTABLES = None  # Which executable + revision should be checked as defa
 USE_MEDIAN_BANDS = True # True to enable median bands on Timeline view


-ALLOW_ANONYMOUS_POST = False  # Whether anonymous users can post results
+ALLOW_ANONYMOUS_POST = True  # Whether anonymous users can post results
 REQUIRE_SECURE_AUTH = True  # Whether auth needs to be over a secure channel