Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set."

This reverts commit b3cffde5559c4fa97625512d7ec41a674be26076 due to
a regression and performance concerns.

django/conf/__init__.py

@@ -116,15 +116,15 @@ class Settings:
             if setting.isupper():
                 setting_value = getattr(mod, setting)
 
-                if setting == 'SECRET_KEY' and not setting_value:
-                    raise ImproperlyConfigured('The SECRET_KEY setting must not be empty.')
-
                 if (setting in tuple_settings and
                         not isinstance(setting_value, (list, tuple))):
                     raise ImproperlyConfigured("The %s setting must be a list or a tuple. " % setting)
                 setattr(self, setting, setting_value)
                 self._explicit_settings.add(setting)
 
+        if not self.SECRET_KEY:
+            raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
+
         if self.is_overridden('DEFAULT_CONTENT_TYPE'):
             warnings.warn('The DEFAULT_CONTENT_TYPE setting is deprecated.', RemovedInDjango30Warning)
 
@@ -140,11 +140,6 @@ class Settings:
             os.environ['TZ'] = self.TIME_ZONE
             time.tzset()
 
-    def __getattr__(self, name):
-        if name == 'SECRET_KEY':
-            raise ImproperlyConfigured('The SECRET_KEY setting must be set.')
-        raise AttributeError("'%s' object has no attribute '%s'" % (self.__class__.__name__, name))
-
     def is_overridden(self, setting):
         return setting in self._explicit_settings
 

django/conf/global_settings.py

@@ -256,6 +256,11 @@ ABSOLUTE_URL_OVERRIDES = {}
 #    ]
 IGNORABLE_404_URLS = []
 
+# A secret key for this particular Django installation. Used in secret-key
+# hashing algorithms. Set this in your settings, or Django will complain
+# loudly.
+SECRET_KEY = ''
+
 # Default file storage mechanism that holds media.
 DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage'
 

docs/ref/settings.txt

@@ -2066,7 +2066,7 @@ object. See :ref:`how-django-processes-a-request` for details.
 ``SECRET_KEY``
 --------------
 
-Default: Not defined
+Default: ``''`` (Empty string)
 
 A secret key for a particular Django installation. This is used to provide
 :doc:`cryptographic signing </topics/signing>`, and should be set to a unique,
@@ -2079,9 +2079,7 @@ Uses of the key shouldn't assume that it's text or bytes. Every use should go
 through :func:`~django.utils.encoding.force_text` or
 :func:`~django.utils.encoding.force_bytes` to convert it to the desired type.
 
-Django will refuse to start if :setting:`SECRET_KEY` is set to an empty value.
-:class:`~django.core.exceptions.ImproperlyConfigured` is raised if
-``SECRET_KEY`` is accessed but not set.
+Django will refuse to start if :setting:`SECRET_KEY` is not set.
 
 .. warning::
 
@@ -2114,10 +2112,6 @@ affect them.
     startproject <startproject>` creates a unique ``SECRET_KEY`` for
     convenience.
 
-.. versionchanged:: 2.1
-
-    In older versions, ``SECRET_KEY`` defaults to an empty string.
-
 .. setting:: SECURE_BROWSER_XSS_FILTER
 
 ``SECURE_BROWSER_XSS_FILTER``

tests/admin_scripts/tests.py

@@ -2213,11 +2213,7 @@ class DiffSettings(AdminScriptTestCase):
         out, err = self.run_manage(args)
         self.assertNoOutput(err)
         self.assertOutput(out, "+ FOO = 'bar'")
-        self.assertOutput(out, "- INSTALLED_APPS = []")
-        self.assertOutput(
-            out,
-            "+ INSTALLED_APPS = ['django.contrib.auth', 'django.contrib.contenttypes', 'admin_scripts']"
-        )
+        self.assertOutput(out, "- SECRET_KEY = ''")
         self.assertOutput(out, "+ SECRET_KEY = 'django_tests_secret_key'")
         self.assertNotInOutput(out, "  APPEND_SLASH = True")
 
@@ -2233,12 +2229,7 @@ class DiffSettings(AdminScriptTestCase):
         self.assertNoOutput(err)
         self.assertOutput(out, "  APPEND_SLASH = True")
         self.assertOutput(out, "+ FOO = 'bar'")
-        self.assertOutput(out, "- INSTALLED_APPS = []")
-        self.assertOutput(
-            out,
-            "+ INSTALLED_APPS = ['django.contrib.auth', 'django.contrib.contenttypes', 'admin_scripts']"
-        )
-        self.assertOutput(out, "+ SECRET_KEY = 'django_tests_secret_key'")
+        self.assertOutput(out, "- SECRET_KEY = ''")
 
 
 class Dumpdata(AdminScriptTestCase):

tests/settings_tests/tests.py

@@ -291,20 +291,8 @@ class SettingsTests(SimpleTestCase):
     def test_no_secret_key(self):
         settings_module = ModuleType('fake_settings_module')
         sys.modules['fake_settings_module'] = settings_module
-        msg = 'The SECRET_KEY setting must be set.'
+        msg = 'The SECRET_KEY setting must not be empty.'
         try:
-            settings = Settings('fake_settings_module')
-            with self.assertRaisesMessage(ImproperlyConfigured, msg):
-                settings.SECRET_KEY
-        finally:
-            del sys.modules['fake_settings_module']
-
-    def test_secret_key_empty_string(self):
-        settings_module = ModuleType('fake_settings_module')
-        settings_module.SECRET_KEY = ''
-        sys.modules['fake_settings_module'] = settings_module
-        try:
-            msg = 'The SECRET_KEY setting must not be empty.'
             with self.assertRaisesMessage(ImproperlyConfigured, msg):
                 Settings('fake_settings_module')
         finally: