Make settings overrideable instead of replaceable

Author: craigloftus

README.rst

@@ -20,7 +20,7 @@ Modify your `settings.py` to install the app and enable the validator:
 .. code-block:: python
 
     INSTALLED_APPS = [
-        'pwned',
+        'pwned.apps.PwnedConfig',
         ...
     ]
 

pwned/app_settings.py

@@ -2,22 +2,22 @@
 import logging
 import requests
 
-from . import app_settings
+from .settings import get_config
 
 
 logger = logging.getLogger(__name__)
 
 
 session = requests.Session()
-session.headers.update({'User-Agent': app_settings.PWNED['USER-AGENT']})
+session.headers.update({'User-Agent': get_config()['USER_AGENT']})
 
 
 class PwnedClient:
 
     def fetch_range(self, prefix):
         try:
-            url = ''.join([app_settings.PWNED['ENDPOINT'], prefix])
-            resp = session.get(url, timeout=app_settings.PWNED['TIMEOUT'])
+            url = ''.join([get_config()['ENDPOINT'], prefix])
+            resp = session.get(url, timeout=get_config()['TIMEOUT'])
             return resp.text
         except requests.exceptions.RequestException as e:
             logger.exception("Request to Pwned Password API failed. Validation skipped.")
@@ -45,7 +45,7 @@ def make_hash(self, password):
         return sha1(password.encode()).hexdigest().upper()
 
     def split_hash(self, hashed_password):
-        length = app_settings.PWNED['PREFIX_LENGTH']
+        length = get_config()['PREFIX_LENGTH']
         return hashed_password[:length], hashed_password[length:]
 
     def count_occurrences(self, password):

pwned/client.py

@@ -0,0 +1,20 @@
+from functools import lru_cache
+
+from django.conf import settings
+
+
+DEFAULTS = {
+    'ENDPOINT': 'https://api.pwnedpasswords.com/range/',
+    'TIMEOUT': 2, # The default is conservative but will cut off some requests; average is 280ms
+    'PREFIX_LENGTH': 5,
+    'OCCURRENCE_THRESHOLD': 1, # How many occurrences is too many
+    'USER_AGENT': 'github.com/craigloftus/django-pwned-validator',
+}
+
+
+@lru_cache()
+def get_config():
+    SETTINGS = DEFAULTS.copy()
+    # Override with any user settings
+    SETTINGS.update(getattr(settings, 'PWNED', {}))
+    return SETTINGS

pwned/settings.py

@@ -3,7 +3,7 @@
 from django.utils.translation import gettext_lazy as _
 
 from .client import PwnedClient
-from . import app_settings
+from .settings import get_config
 
 
 @deconstructible
@@ -15,5 +15,5 @@ class PwnedValidator:
     def validate(self, password, user=None):
         pwned_client = self.client()
         count = pwned_client.count_occurrences(password)
-        if count >= app_settings.PWNED['OCCURRENCE_THRESHOLD']:
+        if count >= get_config()['OCCURRENCE_THRESHOLD']:
             raise ValidationError(self.message, code=self.code)

pwned/validators.py

@@ -0,0 +1,9 @@
+import pytest
+
+
+@pytest.fixture
+def bypass_config_cache():
+    from pwned.settings import get_config
+    get_config.cache_clear()
+    yield
+    get_config.cache_clear()

tests/__init__.py

@@ -2,6 +2,9 @@
 
 from pwned.client import PwnedClient
 
+from .fixtures import bypass_config_cache
+
+
 def test_parse_range_valid():
     client = PwnedClient()
     raw_range = """
@@ -40,12 +43,13 @@ def test_split_hash():
     assert client.split_hash(hashed_password) == ('8CEF1', 'E00B20F463C1E48B589B03660D4E3B9EF7A')
 
 
-def test_split_hash_prefix_length(monkeypatch):
-    monkeypatch.setattr('pwned.app_settings.PWNED', {'PREFIX_LENGTH': 10})
+def test_split_hash_prefix_length(settings, bypass_config_cache):
+    settings.PWNED = {'PREFIX_LENGTH': 10}
     client = PwnedClient()
     hashed_password = '8CEF1E00B20F463C1E48B589B03660D4E3B9EF7A'
     prefix, suffix = client.split_hash(hashed_password)
     assert len(prefix) == 10
+    assert len(suffix) == 30
 
 
 @pytest.mark.vcr

tests/fixtures.py

@@ -0,0 +1,10 @@
+from pwned.settings import get_config
+
+from .fixtures import bypass_config_cache
+
+
+def test_override_individual_settings(settings, bypass_config_cache):
+    settings.PWNED = {
+        'TIMEOUT': 10,
+    }
+    assert get_config()['TIMEOUT'] == 10