Anonymous committed 2e9fc48

Make the location of secret_file be based on tempfile.gettempdir() instead of hardcoding /tmp

  • Parent commits 0ef2e7f


Files changed (2)

File devauth/

 import hmac
 import sha
 import base64
+import tempfile
 from paste.util.ip4 import IP4Range, ip2int
 from tempita import HTMLTemplate
 from devauth.htpasswd import check_password, NoSuchUser
     def __init__(self, app, allow, deny, password_file=None,
-                 secret_file='/tmp/devauth.txt', secret=None,
+                 secret_file='$TMP/devauth.txt', secret=None,
                  logger='DevAuth', login_mountpoint='/.devauth',
         ``secret_file``: a file where the server-side secret will be
         kept.  If this file doesnt exist it will be created and random
-        content will be inserted.
+        content will be inserted.  If you put $TMP in the name of the
+        file, it will be replaced by the temporary directory (which is
+        read from several possible environmental variables, or
+        defaults to ``/tmp``).
         ``secret``: instead of storing a secret in a file, you can
         provide the secret at instantiation.
         self.password_mtime = None
         self.passwords = {}
         if secret is None:
+            secret_file = secret_file.replace('$TMP', tempfile.gettempdir())
             secret = self.read_or_create_secret(secret_file)
         self.secret = secret
         self.login_mountpoint = login_mountpoint.rstrip('/')
             os.chmod(filename, 0600)
   'Wrote new secret to %s' % filename)
-            f = open(filename, 'rb')
+            try:
+                f = open(filename, 'rb')
+            except:
+                self.logger.fatal('Cannot read secret from secret file %s' % filename)
+                raise
             secret =
             self.logger.debug('Read secret from %s' % filename)
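Review bot: The added `secret_file.replace('$TMP', tempfile.gettempdir())` line in `__init__` still keeps the server-side secret under a predictable name (`devauth.txt`) in a shared, usually world-writable directory, and that directory is now chosen by the process environment (`TMPDIR`, `TEMP`, `TMP`). In the visible lines an existing file is opened and used as the secret with no ownership or mode check, so a file created in advance by another local account would be trusted; `read_or_create_secret` is only partly shown here, so this should be confirmed against the full body. I would create the file atomically with `fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` instead of relying on a later `os.chmod`, and reject an existing file unless `os.lstat(filename)` reports a regular file owned by `os.getuid()` with no group/other permission bits. The new bare `except:` around `open()` could also be narrowed to `except (IOError, OSError):` so that only file errors are logged as a secret-read failure.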

File docs/index.txt

 If you want to check if a developer is logged in, look for
 ``environ['x-wsgiorg.developer_user']``.  If the page is for
 developers only, then return ``403 Forbidden``.
+svn trunk
+* Change the secret file default location to use the ``TEMP`` variable
+  (and other variables as read by ``tempfile``) for its location,
+  instead of simply being hardcoded to ``/tmp/devauth.txt``.