Merge branch 'security/enhanced-password-hashing-and-logging' into 'master'

feat: enhance security with improved password hashing and logging See merge request oliver/ivatar!258
2025-11-11 18:56:23 +00:00 · 2025-10-15 16:36:27 +02:00
parent 27ea0ecb6b 368aa5bf27
commit 2cde85e137
54 changed files with 14424 additions and 346 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@ dump_all*.sql
 dist/
 .env.local
 tmp/
+logs/
--- a/config.py
+++ b/config.py
@@ -296,6 +296,9 @@ TRUSTED_DEFAULT_URLS = list(map(map_legacy_config, TRUSTED_DEFAULT_URLS))
 BLUESKY_IDENTIFIER = os.environ.get("BLUESKY_IDENTIFIER", None)
 BLUESKY_APP_PASSWORD = os.environ.get("BLUESKY_APP_PASSWORD", None)

+# Logging configuration - can be overridden in local config
+# Example: LOGS_DIR = "/var/log/ivatar"  # For production deployments
+
 # This MUST BE THE LAST!
 if os.path.isfile(os.path.join(BASE_DIR, "config_local.py")):
    from config_local import *  # noqa # flake8: noqa # NOQA # pragma: no cover
--- a/config_local.py.example
+++ b/config_local.py.example
@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+"""
+Example local configuration file for ivatar
+Copy this to config_local.py and customize for your environment
+"""
+
+import os
+
+# Override logs directory for production deployments
+# LOGS_DIR = "/var/log/ivatar"
+
+# Override logs directory for development with custom location
+# LOGS_DIR = os.path.join(os.path.expanduser("~"), "ivatar_logs")
+
+# Example production overrides:
+# DEBUG = False
+# SECRET_KEY = "your-production-secret-key-here"
+# ALLOWED_HOSTS = ["yourdomain.com", "www.yourdomain.com"]
+
+# Database configuration (if not using environment variables)
+# DATABASES = {
+#     'default': {
+#         'ENGINE': 'django.db.backends.postgresql',
+#         'NAME': 'ivatar_prod',
+#         'USER': 'ivatar_user',
+#         'PASSWORD': 'your-db-password',
+#         'HOST': 'localhost',
+#         'PORT': '5432',
+#     }
+# }
+
+# Email configuration
+# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+# EMAIL_HOST = 'smtp.yourdomain.com'
+# EMAIL_PORT = 587
+# EMAIL_USE_TLS = True
+# EMAIL_HOST_USER = 'noreply@yourdomain.com'
+# EMAIL_HOST_PASSWORD = 'your-email-password'
+
+# Example: Override logs directory for production
+# LOGS_DIR = "/var/log/ivatar"
--- a/create.sh
+++ b/create.sh
@@ -2,11 +2,11 @@

 oc new-project ivatar

-DB_PASSWORD=`openssl rand -base64 16`
-DB_ROOT_PASSWORD=`openssl rand -base64 16`
+DB_PASSWORD=$(openssl rand -base64 16)
+DB_ROOT_PASSWORD=$(openssl rand -base64 16)

 if [ -n "$USE_MYSQL" ]; then
-  DB_CMDLINE="mysql-persistent
+    DB_CMDLINE="mysql-persistent
  --group=python+mysql-persistent
  -e MYSQL_USER=ivatar
  -p MYSQL_USER=ivatar
@@ -17,7 +17,7 @@ if [ -n "$USE_MYSQL" ]; then
  -e MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
  -p MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD"
 else
-  DB_CMDLINE="postgresql-persistent
+    DB_CMDLINE="postgresql-persistent
  -e POSTGRESQL_USER=ivatar
  -p POSTGRESQL_USER=ivatar
  -e POSTGRESQL_DATABASE=ivatar
@@ -35,8 +35,8 @@ if [ -n "$LKERNAT_GITLAB_OPENSHIFT_ACCESS_TOKEN" ]; then
 fi

 oc new-app $SECRET_CMDLINE python~https://git.linux-kernel.at/oliver/ivatar.git \
-  -e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \
-  -e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \
-  $DB_CMDLINE
+    -e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \
+    -e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \
+    $DB_CMDLINE

 oc expose svc/ivatar
--- a/create_nobody_from_svg_with_inkscape.sh
+++ b/create_nobody_from_svg_with_inkscape.sh
@@ -1,4 +1,4 @@
 for size in $(seq 1 512); do
    inkscape -z -e ivatar/static/img/nobody/${size}.png -w ${size} -h ${size} \
-      ivatar/static/img/libravatar_logo.svg
+        ivatar/static/img/libravatar_logo.svg
 done
--- a/ivatar/ivataraccount/migrations/0001_initial.py
+++ b/ivatar/ivataraccount/migrations/0001_initial.py
@@ -1,9 +1,9 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.0.5 on 2018-05-07 07:13

 from django.conf import settings
 from django.db import migrations, models
 import django.db.models.deletion
-import ivatar.ivataraccount.models


 class Migration(migrations.Migration):
@@ -16,93 +16,167 @@ class Migration(migrations.Migration):

    operations = [
        migrations.CreateModel(
-            name='ConfirmedEmail',
+            name="ConfirmedEmail",
            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
-                ('add_date', models.DateTimeField()),
-                ('email', models.EmailField(max_length=254, unique=True)),
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
+                ("add_date", models.DateTimeField()),
+                ("email", models.EmailField(max_length=254, unique=True)),
            ],
            options={
-                'verbose_name': 'confirmed email',
-                'verbose_name_plural': 'confirmed emails',
+                "verbose_name": "confirmed email",
+                "verbose_name_plural": "confirmed emails",
            },
        ),
        migrations.CreateModel(
-            name='ConfirmedOpenId',
+            name="ConfirmedOpenId",
            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
-                ('add_date', models.DateTimeField()),
-                ('openid', models.URLField(max_length=255, unique=True)),
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
+                ("add_date", models.DateTimeField()),
+                ("openid", models.URLField(max_length=255, unique=True)),
            ],
            options={
-                'verbose_name': 'confirmed OpenID',
-                'verbose_name_plural': 'confirmed OpenIDs',
+                "verbose_name": "confirmed OpenID",
+                "verbose_name_plural": "confirmed OpenIDs",
            },
        ),
        migrations.CreateModel(
-            name='Photo',
+            name="Photo",
            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('add_date', models.DateTimeField()),
-                ('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
-                ('data', models.BinaryField()),
-                ('format', models.CharField(max_length=3)),
-                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("add_date", models.DateTimeField()),
+                ("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
+                ("data", models.BinaryField()),
+                ("format", models.CharField(max_length=3)),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
            ],
            options={
-                'verbose_name': 'photo',
-                'verbose_name_plural': 'photos',
+                "verbose_name": "photo",
+                "verbose_name_plural": "photos",
            },
        ),
        migrations.CreateModel(
-            name='UnconfirmedEmail',
+            name="UnconfirmedEmail",
            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
-                ('add_date', models.DateTimeField()),
-                ('email', models.EmailField(max_length=254)),
-                ('verification_key', models.CharField(max_length=64)),
-                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
+                ("add_date", models.DateTimeField()),
+                ("email", models.EmailField(max_length=254)),
+                ("verification_key", models.CharField(max_length=64)),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
            ],
            options={
-                'verbose_name': 'unconfirmed_email',
-                'verbose_name_plural': 'unconfirmed_emails',
+                "verbose_name": "unconfirmed_email",
+                "verbose_name_plural": "unconfirmed_emails",
            },
        ),
        migrations.CreateModel(
-            name='UnconfirmedOpenId',
+            name="UnconfirmedOpenId",
            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
-                ('add_date', models.DateTimeField()),
-                ('openid', models.URLField(max_length=255)),
-                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
+                ("add_date", models.DateTimeField()),
+                ("openid", models.URLField(max_length=255)),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
            ],
            options={
-                'verbose_name': 'unconfirmed OpenID',
-                'verbose_name_plural': 'unconfirmed_OpenIDs',
+                "verbose_name": "unconfirmed OpenID",
+                "verbose_name_plural": "unconfirmed_OpenIDs",
            },
        ),
        migrations.AddField(
-            model_name='confirmedopenid',
-            name='photo',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='openids', to='ivataraccount.Photo'),
+            model_name="confirmedopenid",
+            name="photo",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="openids",
+                to="ivataraccount.Photo",
+            ),
        ),
        migrations.AddField(
-            model_name='confirmedopenid',
-            name='user',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
+            model_name="confirmedopenid",
+            name="user",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
+            ),
        ),
        migrations.AddField(
-            model_name='confirmedemail',
-            name='photo',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='emails', to='ivataraccount.Photo'),
+            model_name="confirmedemail",
+            name="photo",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="emails",
+                to="ivataraccount.Photo",
+            ),
        ),
        migrations.AddField(
-            model_name='confirmedemail',
-            name='user',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
+            model_name="confirmedemail",
+            name="user",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
+            ),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0002_openidassociation_openidnonce.py
+++ b/ivatar/ivataraccount/migrations/0002_openidassociation_openidnonce.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.0.5 on 2018-05-07 07:23

 from django.db import migrations, models
@@ -6,29 +7,45 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0001_initial'),
+        ("ivataraccount", "0001_initial"),
    ]

    operations = [
        migrations.CreateModel(
-            name='OpenIDAssociation',
+            name="OpenIDAssociation",
            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('server_url', models.TextField(max_length=2047)),
-                ('handle', models.CharField(max_length=255)),
-                ('secret', models.TextField(max_length=255)),
-                ('issued', models.IntegerField()),
-                ('lifetime', models.IntegerField()),
-                ('assoc_type', models.TextField(max_length=64)),
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("server_url", models.TextField(max_length=2047)),
+                ("handle", models.CharField(max_length=255)),
+                ("secret", models.TextField(max_length=255)),
+                ("issued", models.IntegerField()),
+                ("lifetime", models.IntegerField()),
+                ("assoc_type", models.TextField(max_length=64)),
            ],
        ),
        migrations.CreateModel(
-            name='OpenIDNonce',
+            name="OpenIDNonce",
            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('server_url', models.CharField(max_length=255)),
-                ('timestamp', models.IntegerField()),
-                ('salt', models.CharField(max_length=128)),
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("server_url", models.CharField(max_length=255)),
+                ("timestamp", models.IntegerField()),
+                ("salt", models.CharField(max_length=128)),
            ],
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0003_auto_20180508_0637.py
+++ b/ivatar/ivataraccount/migrations/0003_auto_20180508_0637.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.0.5 on 2018-05-08 06:37

 import datetime
@@ -7,53 +8,53 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0002_openidassociation_openidnonce'),
+        ("ivataraccount", "0002_openidassociation_openidnonce"),
    ]

    operations = [
        migrations.AlterField(
-            model_name='confirmedemail',
-            name='add_date',
+            model_name="confirmedemail",
+            name="add_date",
            field=models.DateTimeField(default=datetime.datetime.utcnow),
        ),
        migrations.AlterField(
-            model_name='confirmedemail',
-            name='ip_address',
+            model_name="confirmedemail",
+            name="ip_address",
            field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
        ),
        migrations.AlterField(
-            model_name='confirmedopenid',
-            name='add_date',
+            model_name="confirmedopenid",
+            name="add_date",
            field=models.DateTimeField(default=datetime.datetime.utcnow),
        ),
        migrations.AlterField(
-            model_name='confirmedopenid',
-            name='ip_address',
+            model_name="confirmedopenid",
+            name="ip_address",
            field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
        ),
        migrations.AlterField(
-            model_name='photo',
-            name='add_date',
+            model_name="photo",
+            name="add_date",
            field=models.DateTimeField(default=datetime.datetime.utcnow),
        ),
        migrations.AlterField(
-            model_name='unconfirmedemail',
-            name='add_date',
+            model_name="unconfirmedemail",
+            name="add_date",
            field=models.DateTimeField(default=datetime.datetime.utcnow),
        ),
        migrations.AlterField(
-            model_name='unconfirmedemail',
-            name='ip_address',
+            model_name="unconfirmedemail",
+            name="ip_address",
            field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
        ),
        migrations.AlterField(
-            model_name='unconfirmedopenid',
-            name='add_date',
+            model_name="unconfirmedopenid",
+            name="add_date",
            field=models.DateTimeField(default=datetime.datetime.utcnow),
        ),
        migrations.AlterField(
-            model_name='unconfirmedopenid',
-            name='ip_address',
+            model_name="unconfirmedopenid",
+            name="ip_address",
            field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0004_auto_20180508_0742.py
+++ b/ivatar/ivataraccount/migrations/0004_auto_20180508_0742.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.0.5 on 2018-05-08 07:42

 from django.db import migrations, models
@@ -7,33 +8,33 @@ import django.utils.timezone
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0003_auto_20180508_0637'),
+        ("ivataraccount", "0003_auto_20180508_0637"),
    ]

    operations = [
        migrations.AlterField(
-            model_name='confirmedemail',
-            name='add_date',
+            model_name="confirmedemail",
+            name="add_date",
            field=models.DateTimeField(default=django.utils.timezone.now),
        ),
        migrations.AlterField(
-            model_name='confirmedopenid',
-            name='add_date',
+            model_name="confirmedopenid",
+            name="add_date",
            field=models.DateTimeField(default=django.utils.timezone.now),
        ),
        migrations.AlterField(
-            model_name='photo',
-            name='add_date',
+            model_name="photo",
+            name="add_date",
            field=models.DateTimeField(default=django.utils.timezone.now),
        ),
        migrations.AlterField(
-            model_name='unconfirmedemail',
-            name='add_date',
+            model_name="unconfirmedemail",
+            name="add_date",
            field=models.DateTimeField(default=django.utils.timezone.now),
        ),
        migrations.AlterField(
-            model_name='unconfirmedopenid',
-            name='add_date',
+            model_name="unconfirmedopenid",
+            name="add_date",
            field=models.DateTimeField(default=django.utils.timezone.now),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0005_auto_20180522_1155.py
+++ b/ivatar/ivataraccount/migrations/0005_auto_20180522_1155.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.0.5 on 2018-05-22 11:55

 from django.db import migrations, models
@@ -6,20 +7,20 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0004_auto_20180508_0742'),
+        ("ivataraccount", "0004_auto_20180508_0742"),
    ]

    operations = [
        migrations.AddField(
-            model_name='confirmedemail',
-            name='digest',
-            field=models.CharField(default='', max_length=64),
+            model_name="confirmedemail",
+            name="digest",
+            field=models.CharField(default="", max_length=64),
            preserve_default=False,
        ),
        migrations.AddField(
-            model_name='confirmedopenid',
-            name='digest',
-            field=models.CharField(default='', max_length=64),
+            model_name="confirmedopenid",
+            name="digest",
+            field=models.CharField(default="", max_length=64),
            preserve_default=False,
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0006_auto_20180626_1445.py
+++ b/ivatar/ivataraccount/migrations/0006_auto_20180626_1445.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.0.6 on 2018-06-26 14:45

 from django.db import migrations, models
@@ -6,18 +7,18 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0005_auto_20180522_1155'),
+        ("ivataraccount", "0005_auto_20180522_1155"),
    ]

    operations = [
        migrations.AddField(
-            model_name='confirmedemail',
-            name='digest_sha256',
+            model_name="confirmedemail",
+            name="digest_sha256",
            field=models.CharField(max_length=64, null=True),
        ),
        migrations.AlterField(
-            model_name='confirmedemail',
-            name='digest',
+            model_name="confirmedemail",
+            name="digest",
            field=models.CharField(max_length=32),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0007_auto_20180627_0624.py
+++ b/ivatar/ivataraccount/migrations/0007_auto_20180627_0624.py
@@ -1,39 +1,53 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.0.6 on 2018-06-27 06:24

 from django.db import migrations, models
 import django.db.models.deletion

+
 def add_sha256(apps, schema_editor):
-     '''
-     Make sure all ConfirmedEmail have digest_sha256 set
-     in order to alter the model so sha256 may not be NULL
-     '''
-     ConfirmedEmail = apps.get_model('ivataraccount', 'ConfirmedEmail')
-     for mail in ConfirmedEmail.objects.filter(digest_sha256=None):
-         mail.save()  # pragma: no cover
+    """
+    Make sure all ConfirmedEmail have digest_sha256 set
+    in order to alter the model so sha256 may not be NULL
+    """
+    ConfirmedEmail = apps.get_model("ivataraccount", "ConfirmedEmail")
+    for mail in ConfirmedEmail.objects.filter(digest_sha256=None):
+        mail.save()  # pragma: no cover


 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0006_auto_20180626_1445'),
+        ("ivataraccount", "0006_auto_20180626_1445"),
    ]

    operations = [
        migrations.RunPython(add_sha256),
        migrations.AlterField(
-            model_name='confirmedemail',
-            name='digest_sha256',
+            model_name="confirmedemail",
+            name="digest_sha256",
            field=models.CharField(max_length=64),
        ),
        migrations.AlterField(
-            model_name='confirmedemail',
-            name='photo',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='emails', to='ivataraccount.Photo'),
+            model_name="confirmedemail",
+            name="photo",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="emails",
+                to="ivataraccount.Photo",
+            ),
        ),
        migrations.AlterField(
-            model_name='confirmedopenid',
-            name='photo',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='openids', to='ivataraccount.Photo'),
+            model_name="confirmedopenid",
+            name="photo",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="openids",
+                to="ivataraccount.Photo",
+            ),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0008_userpreference.py
+++ b/ivatar/ivataraccount/migrations/0008_userpreference.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # pylint: disable=invalid-name,missing-docstring
 # Generated by Django 2.0.6 on 2018-07-04 12:32

@@ -7,11 +8,14 @@ import django.db.models.deletion


 def add_preference_to_user(apps, schema_editor):  # pylint: disable=unused-argument
-    '''
+    """
    Make sure all users have preferences set up
-    '''
+    """
    from django.contrib.auth.models import User
-    UserPreference = apps.get_model('ivataraccount', 'UserPreference')  # pylint: disable=invalid-name
+
+    UserPreference = apps.get_model(
+        "ivataraccount", "UserPreference"
+    )  # pylint: disable=invalid-name
    for user in User.objects.filter(userpreference=None):
        pref = UserPreference.objects.create(user_id=user.pk)  # pragma: no cover
        pref.save()  # pragma: no cover
@@ -20,24 +24,34 @@ def add_preference_to_user(apps, schema_editor):  # pylint: disable=unused-argum
 class Migration(migrations.Migration):  # pylint: disable=missing-docstring

    dependencies = [
-        ('auth', '0009_alter_user_last_name_max_length'),
-        ('ivataraccount', '0007_auto_20180627_0624'),
+        ("auth", "0009_alter_user_last_name_max_length"),
+        ("ivataraccount", "0007_auto_20180627_0624"),
    ]

    operations = [
        migrations.CreateModel(
-            name='UserPreference',
+            name="UserPreference",
            fields=[
-                ('theme', models.CharField(
-                    choices=[
-                        ('default', 'Default theme'),
-                        ('clime', 'Climes theme')],
-                    default='default', max_length=10)),
-                ('user', models.OneToOneField(
-                    on_delete=django.db.models.deletion.CASCADE,
-                    primary_key=True,
-                    serialize=False,
-                    to=settings.AUTH_USER_MODEL)),
+                (
+                    "theme",
+                    models.CharField(
+                        choices=[
+                            ("default", "Default theme"),
+                            ("clime", "Climes theme"),
+                        ],
+                        default="default",
+                        max_length=10,
+                    ),
+                ),
+                (
+                    "user",
+                    models.OneToOneField(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        primary_key=True,
+                        serialize=False,
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
            ],
        ),
        migrations.RunPython(add_preference_to_user),
--- a/ivatar/ivataraccount/migrations/0009_auto_20180705_1152.py
+++ b/ivatar/ivataraccount/migrations/0009_auto_20180705_1152.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.0.6 on 2018-07-05 11:52

 from django.db import migrations, models
@@ -6,13 +7,21 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0008_userpreference'),
+        ("ivataraccount", "0008_userpreference"),
    ]

    operations = [
        migrations.AlterField(
-            model_name='userpreference',
-            name='theme',
-            field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('falko', 'falkos theme')], default='default', max_length=10),
+            model_name="userpreference",
+            name="theme",
+            field=models.CharField(
+                choices=[
+                    ("default", "Default theme"),
+                    ("clime", "climes theme"),
+                    ("falko", "falkos theme"),
+                ],
+                default="default",
+                max_length=10,
+            ),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0010_auto_20180705_1201.py
+++ b/ivatar/ivataraccount/migrations/0010_auto_20180705_1201.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.0.6 on 2018-07-05 12:01

 from django.db import migrations, models
@@ -6,13 +7,17 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0009_auto_20180705_1152'),
+        ("ivataraccount", "0009_auto_20180705_1152"),
    ]

    operations = [
        migrations.AlterField(
-            model_name='userpreference',
-            name='theme',
-            field=models.CharField(choices=[('default', 'Default theme'), ('falko', 'falkos theme')], default='default', max_length=10),
+            model_name="userpreference",
+            name="theme",
+            field=models.CharField(
+                choices=[("default", "Default theme"), ("falko", "falkos theme")],
+                default="default",
+                max_length=10,
+            ),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0011_auto_20181107_1550.py
+++ b/ivatar/ivataraccount/migrations/0011_auto_20181107_1550.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.1.3 on 2018-11-07 15:50

 from django.db import migrations, models
@@ -6,18 +7,26 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0010_auto_20180705_1201'),
+        ("ivataraccount", "0010_auto_20180705_1201"),
    ]

    operations = [
        migrations.AddField(
-            model_name='photo',
-            name='access_count',
+            model_name="photo",
+            name="access_count",
            field=models.BigIntegerField(default=0, editable=False),
        ),
        migrations.AlterField(
-            model_name='userpreference',
-            name='theme',
-            field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('falko', 'falkos theme')], default='default', max_length=10),
+            model_name="userpreference",
+            name="theme",
+            field=models.CharField(
+                choices=[
+                    ("default", "Default theme"),
+                    ("clime", "climes theme"),
+                    ("falko", "falkos theme"),
+                ],
+                default="default",
+                max_length=10,
+            ),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0012_auto_20181107_1732.py
+++ b/ivatar/ivataraccount/migrations/0012_auto_20181107_1732.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.1.3 on 2018-11-07 17:32

 from django.db import migrations, models
@@ -6,18 +7,18 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0011_auto_20181107_1550'),
+        ("ivataraccount", "0011_auto_20181107_1550"),
    ]

    operations = [
        migrations.AddField(
-            model_name='confirmedemail',
-            name='access_count',
+            model_name="confirmedemail",
+            name="access_count",
            field=models.BigIntegerField(default=0, editable=False),
        ),
        migrations.AddField(
-            model_name='confirmedopenid',
-            name='access_count',
+            model_name="confirmedopenid",
+            name="access_count",
            field=models.BigIntegerField(default=0, editable=False),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0013_auto_20181203_1421.py
+++ b/ivatar/ivataraccount/migrations/0013_auto_20181203_1421.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.1.3 on 2018-12-03 14:21

 from django.db import migrations, models
@@ -6,13 +7,22 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0012_auto_20181107_1732'),
+        ("ivataraccount", "0012_auto_20181107_1732"),
    ]

    operations = [
        migrations.AlterField(
-            model_name='userpreference',
-            name='theme',
-            field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('green', 'green theme'), ('red', 'red theme')], default='default', max_length=10),
+            model_name="userpreference",
+            name="theme",
+            field=models.CharField(
+                choices=[
+                    ("default", "Default theme"),
+                    ("clime", "climes theme"),
+                    ("green", "green theme"),
+                    ("red", "red theme"),
+                ],
+                default="default",
+                max_length=10,
+            ),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0014_auto_20190218_1602.py
+++ b/ivatar/ivataraccount/migrations/0014_auto_20190218_1602.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 2.1.5 on 2019-02-18 16:02

 from django.db import migrations
@@ -6,12 +7,15 @@ from django.db import migrations
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0013_auto_20181203_1421'),
+        ("ivataraccount", "0013_auto_20181203_1421"),
    ]

    operations = [
        migrations.AlterModelOptions(
-            name='unconfirmedemail',
-            options={'verbose_name': 'unconfirmed email', 'verbose_name_plural': 'unconfirmed emails'},
+            name="unconfirmedemail",
+            options={
+                "verbose_name": "unconfirmed email",
+                "verbose_name_plural": "unconfirmed emails",
+            },
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0015_auto_20200225_0934.py
+++ b/ivatar/ivataraccount/migrations/0015_auto_20200225_0934.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 3.0.3 on 2020-02-25 09:34

 from django.db import migrations, models
@@ -6,23 +7,23 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0014_auto_20190218_1602'),
+        ("ivataraccount", "0014_auto_20190218_1602"),
    ]

    operations = [
        migrations.AddField(
-            model_name='confirmedopenid',
-            name='alt_digest1',
+            model_name="confirmedopenid",
+            name="alt_digest1",
            field=models.CharField(blank=True, default=None, max_length=64, null=True),
        ),
        migrations.AddField(
-            model_name='confirmedopenid',
-            name='alt_digest2',
+            model_name="confirmedopenid",
+            name="alt_digest2",
            field=models.CharField(blank=True, default=None, max_length=64, null=True),
        ),
        migrations.AddField(
-            model_name='confirmedopenid',
-            name='alt_digest3',
+            model_name="confirmedopenid",
+            name="alt_digest3",
            field=models.CharField(blank=True, default=None, max_length=64, null=True),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0016_auto_20210413_0904.py
+++ b/ivatar/ivataraccount/migrations/0016_auto_20210413_0904.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 3.1.7 on 2021-04-13 09:04

 from django.db import migrations, models
@@ -6,18 +7,18 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0015_auto_20200225_0934'),
+        ("ivataraccount", "0015_auto_20200225_0934"),
    ]

    operations = [
        migrations.AddField(
-            model_name='unconfirmedemail',
-            name='last_send_date',
+            model_name="unconfirmedemail",
+            name="last_send_date",
            field=models.DateTimeField(blank=True, null=True),
        ),
        migrations.AddField(
-            model_name='unconfirmedemail',
-            name='last_status',
+            model_name="unconfirmedemail",
+            name="last_status",
            field=models.TextField(blank=True, max_length=2047, null=True),
        ),
    ]
--- a/ivatar/ivataraccount/migrations/0017_auto_20210528_1314.py
+++ b/ivatar/ivataraccount/migrations/0017_auto_20210528_1314.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 # Generated by Django 3.2.3 on 2021-05-28 13:14

 from django.db import migrations, models
@@ -6,43 +7,57 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('ivataraccount', '0016_auto_20210413_0904'),
+        ("ivataraccount", "0016_auto_20210413_0904"),
    ]

    operations = [
        migrations.AlterField(
-            model_name='confirmedemail',
-            name='id',
-            field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+            model_name="confirmedemail",
+            name="id",
+            field=models.BigAutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
        ),
        migrations.AlterField(
-            model_name='confirmedopenid',
-            name='id',
-            field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+            model_name="confirmedopenid",
+            name="id",
+            field=models.BigAutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
        ),
        migrations.AlterField(
-            model_name='openidassociation',
-            name='id',
-            field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+            model_name="openidassociation",
+            name="id",
+            field=models.BigAutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
        ),
        migrations.AlterField(
-            model_name='openidnonce',
-            name='id',
-            field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+            model_name="openidnonce",
+            name="id",
+            field=models.BigAutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
        ),
        migrations.AlterField(
-            model_name='photo',
-            name='id',
-            field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+            model_name="photo",
+            name="id",
+            field=models.BigAutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
        ),
        migrations.AlterField(
-            model_name='unconfirmedemail',
-            name='id',
-            field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+            model_name="unconfirmedemail",
+            name="id",
+            field=models.BigAutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
        ),
        migrations.AlterField(
-            model_name='unconfirmedopenid',
-            name='id',
-            field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+            model_name="unconfirmedopenid",
+            name="id",
+            field=models.BigAutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
        ),
    ]
--- a/ivatar/ivataraccount/models.py
+++ b/ivatar/ivataraccount/models.py
@@ -11,6 +11,7 @@ from os import urandom
 from urllib.error import HTTPError, URLError
 from ivatar.utils import urlopen, Bluesky
 from urllib.parse import urlsplit, urlunsplit, quote
+import logging

 from PIL import Image
 from django.contrib.auth.models import User
@@ -30,13 +31,16 @@ from openid.store.interface import OpenIDStore

 from libravatar import libravatar_url

-from ivatar.settings import MAX_LENGTH_EMAIL, logger
+from ivatar.settings import MAX_LENGTH_EMAIL
 from ivatar.settings import MAX_PIXELS, AVATAR_MAX_SIZE, JPEG_QUALITY
 from ivatar.settings import MAX_LENGTH_URL
 from ivatar.settings import SECURE_BASE_URL, SITE_NAME, DEFAULT_FROM_EMAIL
 from ivatar.utils import openid_variations
 from .gravatar import get_photo as get_gravatar_photo

+# Initialize logger
+logger = logging.getLogger("ivatar")
+

 def file_format(image_type):
    """
@@ -154,10 +158,12 @@ class Photo(BaseAccountModel):
        try:
            image = urlopen(image_url)
        except HTTPError as exc:
-            print(f"{service_name} import failed with an HTTP error: {exc.code}")
+            logger.warning(
+                f"{service_name} import failed with an HTTP error: {exc.code}"
+            )
            return False
        except URLError as exc:
-            print(f"{service_name} import failed: {exc.reason}")
+            logger.warning(f"{service_name} import failed: {exc.reason}")
            return False
        data = image.read()

@@ -169,7 +175,7 @@ class Photo(BaseAccountModel):

        self.format = file_format(img.format)
        if not self.format:
-            print(f"Unable to determine format: {img}")
+            logger.warning(f"Unable to determine format: {img}")
            return False  # pragma: no cover
        self.data = data
        super().save()
@@ -186,11 +192,11 @@ class Photo(BaseAccountModel):
            img = Image.open(BytesIO(self.data))
        except Exception as exc:  # pylint: disable=broad-except
            # For debugging only
-            print(f"Exception caught in Photo.save(): {exc}")
+            logger.error(f"Exception caught in Photo.save(): {exc}")
            return False
        self.format = file_format(img.format)
        if not self.format:
-            print("Format not recognized")
+            logger.error("Format not recognized")
            return False
        return super().save(force_insert, force_update, using, update_fields)

--- a/ivatar/ivataraccount/views.py
+++ b/ivatar/ivataraccount/views.py
@@ -10,6 +10,7 @@ import binascii
 import contextlib
 from xml.sax import saxutils
 import gzip
+import logging

 from PIL import Image

@@ -61,6 +62,10 @@ from .models import UserPreference
 from .models import file_format
 from .read_libravatar_export import read_gzdata as libravatar_read_gzdata

+# Initialize loggers
+logger = logging.getLogger("ivatar")
+security_logger = logging.getLogger("ivatar.security")
+

 def openid_logging(message, level=0):
    """
@@ -69,7 +74,7 @@ def openid_logging(message, level=0):
    # Normal messages are not that important
    # No need for coverage here
    if level > 0:  # pragma: no cover
-        print(message)
+        logger.debug(message)


 class CreateView(SuccessMessageMixin, FormView):
@@ -505,7 +510,7 @@ class ImportPhotoView(SuccessMessageMixin, TemplateView):
                try:
                    urlopen(libravatar_service_url)
                except OSError as exc:
-                    print(f"Exception caught during photo import: {exc}")
+                    logger.warning(f"Exception caught during photo import: {exc}")
                else:
                    context["photos"].append(
                        {
@@ -717,7 +722,7 @@ class RemoveConfirmedOpenIDView(View):
                openidobj.delete()
            except Exception as exc:  # pylint: disable=broad-except
                # Why it is not there?
-                print(f"How did we get here: {exc}")
+                logger.warning(f"How did we get here: {exc}")
            openid.delete()
            messages.success(request, _("ID removed"))
        except self.model.DoesNotExist:  # pylint: disable=no-member
@@ -766,7 +771,7 @@ class RedirectOpenIDView(View):
                    "message": exc,
                }
            )
-            print(f"message: {msg}")
+            logger.error(f"message: {msg}")
            messages.error(request, msg)

        if auth_request is None:  # pragma: no cover
@@ -1036,7 +1041,7 @@ class UploadLibravatarExportView(SuccessMessageMixin, FormView):
                        try:
                            data = base64.decodebytes(bytes(request.POST[arg], "utf-8"))
                        except binascii.Error as exc:
-                            print(f"Cannot decode photo: {exc}")
+                            logger.warning(f"Cannot decode photo: {exc}")
                            continue
                        try:
                            pilobj = Image.open(BytesIO(data))
@@ -1050,7 +1055,7 @@ class UploadLibravatarExportView(SuccessMessageMixin, FormView):
                            photo.data = out.read()
                            photo.save()
                        except Exception as exc:  # pylint: disable=broad-except
-                            print(f"Exception during save: {exc}")
+                            logger.error(f"Exception during save: {exc}")
                            continue

                return HttpResponseRedirect(reverse_lazy("profile"))
@@ -1177,7 +1182,7 @@ class ProfileView(TemplateView):
                openid=openids.first().claimed_id
            ).exists():
                return
-            print(f"need to confirm: {openids.first()}")
+            logger.debug(f"need to confirm: {openids.first()}")
            confirmed = ConfirmedOpenId()
            confirmed.user = self.request.user
            confirmed.ip_address = get_client_ip(self.request)[0]
--- a/ivatar/settings.py
+++ b/ivatar/settings.py
@@ -13,6 +13,11 @@ logger.setLevel(log_level)
 PACKAGE_ROOT = os.path.abspath(os.path.dirname(__file__))
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

+# Logging directory - can be overridden in local config
+LOGS_DIR = os.path.join(BASE_DIR, "logs")
+
+# Ensure logs directory exists
+os.makedirs(LOGS_DIR, exist_ok=True)

 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = "=v(+-^t#ahv^a&&e)uf36g8algj$d1@6ou^w(r0@%)#8mlc*zk"
@@ -22,6 +27,77 @@ DEBUG = True

 ALLOWED_HOSTS = []

+# Comprehensive Logging Configuration
+LOGGING = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "verbose": {
+            "format": "{levelname} {asctime} {module} {process:d} {thread:d} {message}",
+            "style": "{",
+        },
+        "simple": {
+            "format": "{levelname} {asctime} {message}",
+            "style": "{",
+        },
+        "detailed": {
+            "format": "{levelname} {asctime} {name} {module} {funcName} {lineno:d} {message}",
+            "style": "{",
+        },
+    },
+    "handlers": {
+        "file": {
+            "level": "INFO",
+            "class": "logging.FileHandler",
+            "filename": os.path.join(LOGS_DIR, "ivatar.log"),
+            "formatter": "verbose",
+        },
+        "file_debug": {
+            "level": "DEBUG",
+            "class": "logging.FileHandler",
+            "filename": os.path.join(LOGS_DIR, "ivatar_debug.log"),
+            "formatter": "detailed",
+        },
+        "console": {
+            "level": "DEBUG" if DEBUG else "INFO",
+            "class": "logging.StreamHandler",
+            "formatter": "simple",
+        },
+        "security": {
+            "level": "WARNING",
+            "class": "logging.FileHandler",
+            "filename": os.path.join(LOGS_DIR, "security.log"),
+            "formatter": "detailed",
+        },
+    },
+    "loggers": {
+        "ivatar": {
+            "handlers": ["file", "console"],
+            "level": "INFO",
+            "propagate": True,
+        },
+        "ivatar.security": {
+            "handlers": ["security", "console"],
+            "level": "WARNING",
+            "propagate": False,
+        },
+        "ivatar.debug": {
+            "handlers": ["file_debug"],
+            "level": "DEBUG",
+            "propagate": False,
+        },
+        "django.security": {
+            "handlers": ["security"],
+            "level": "WARNING",
+            "propagate": False,
+        },
+    },
+    "root": {
+        "handlers": ["console"],
+        "level": "INFO",
+    },
+}
+

 # Application definition

@@ -103,12 +179,26 @@ AUTH_PASSWORD_VALIDATORS = [
 ]

 # Password Hashing (more secure)
-PASSWORD_HASHERS = [
-    # This isn't working in older Python environments
-    # "django.contrib.auth.hashers.Argon2PasswordHasher",
-    "django.contrib.auth.hashers.PBKDF2PasswordHasher",
-    "django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
-]
+# Try to use Argon2PasswordHasher with high security settings, fallback to PBKDF2
+PASSWORD_HASHERS = []
+
+# Try Argon2 first (requires Python 3.6+ and argon2-cffi package)
+try:
+    import argon2  # noqa: F401
+
+    PASSWORD_HASHERS.append("django.contrib.auth.hashers.Argon2PasswordHasher")
+except ImportError:
+    # Fallback for CentOS 7 / older systems without argon2-cffi
+    pass
+
+# Always include PBKDF2 as fallback
+PASSWORD_HASHERS.extend(
+    [
+        "django.contrib.auth.hashers.PBKDF2PasswordHasher",
+        # Keep PBKDF2SHA1 for existing password compatibility only
+        "django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
+    ]
+)

 # Security Settings
 SECURE_BROWSER_XSS_FILTER = True
--- a/ivatar/static/css/bootstrap.min.css
+++ b/ivatar/static/css/bootstrap.min.css
--- a/ivatar/static/css/clime.css
+++ b/ivatar/static/css/clime.css
--- a/ivatar/static/css/cropper.min.css
+++ b/ivatar/static/css/cropper.min.css
@@ -0,0 +1,265 @@
+/*!
+ * Cropper.js v1.6.2
+ * https://fengyuanchen.github.io/cropperjs
+ *
+ * Copyright 2015-present Chen Fengyuan
+ * Released under the MIT license
+ *
+ * Date: 2024-04-21T07:43:02.731Z
+ */
+.cropper-container {
+  -webkit-touch-callout: none;
+  direction: ltr;
+  font-size: 0;
+  line-height: 0;
+  position: relative;
+  -ms-touch-action: none;
+  touch-action: none;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  -ms-user-select: none;
+  user-select: none;
+}
+.cropper-container img {
+  backface-visibility: hidden;
+  display: block;
+  height: 100%;
+  image-orientation: 0deg;
+  max-height: none !important;
+  max-width: none !important;
+  min-height: 0 !important;
+  min-width: 0 !important;
+  width: 100%;
+}
+.cropper-canvas,
+.cropper-crop-box,
+.cropper-drag-box,
+.cropper-modal,
+.cropper-wrap-box {
+  bottom: 0;
+  left: 0;
+  position: absolute;
+  right: 0;
+  top: 0;
+}
+.cropper-canvas,
+.cropper-wrap-box {
+  overflow: hidden;
+}
+.cropper-drag-box {
+  background-color: #fff;
+  opacity: 0;
+}
+.cropper-modal {
+  background-color: #000;
+  opacity: 0.5;
+}
+.cropper-view-box {
+  display: block;
+  height: 100%;
+  outline: 1px solid #39f;
+  outline-color: rgba(51, 153, 255, 0.75);
+  overflow: hidden;
+  width: 100%;
+}
+.cropper-dashed {
+  border: 0 dashed #eee;
+  display: block;
+  opacity: 0.5;
+  position: absolute;
+}
+.cropper-dashed.dashed-h {
+  border-bottom-width: 1px;
+  border-top-width: 1px;
+  height: 33.33333%;
+  left: 0;
+  top: 33.33333%;
+  width: 100%;
+}
+.cropper-dashed.dashed-v {
+  border-left-width: 1px;
+  border-right-width: 1px;
+  height: 100%;
+  left: 33.33333%;
+  top: 0;
+  width: 33.33333%;
+}
+.cropper-center {
+  display: block;
+  height: 0;
+  left: 50%;
+  opacity: 0.75;
+  position: absolute;
+  top: 50%;
+  width: 0;
+}
+.cropper-center:after,
+.cropper-center:before {
+  background-color: #eee;
+  content: " ";
+  display: block;
+  position: absolute;
+}
+.cropper-center:before {
+  height: 1px;
+  left: -3px;
+  top: 0;
+  width: 7px;
+}
+.cropper-center:after {
+  height: 7px;
+  left: 0;
+  top: -3px;
+  width: 1px;
+}
+.cropper-face,
+.cropper-line,
+.cropper-point {
+  display: block;
+  height: 100%;
+  opacity: 0.1;
+  position: absolute;
+  width: 100%;
+}
+.cropper-face {
+  background-color: #fff;
+  left: 0;
+  top: 0;
+}
+.cropper-line {
+  background-color: #39f;
+}
+.cropper-line.line-e {
+  cursor: ew-resize;
+  right: -3px;
+  top: 0;
+  width: 5px;
+}
+.cropper-line.line-n {
+  cursor: ns-resize;
+  height: 5px;
+  left: 0;
+  top: -3px;
+}
+.cropper-line.line-w {
+  cursor: ew-resize;
+  left: -3px;
+  top: 0;
+  width: 5px;
+}
+.cropper-line.line-s {
+  bottom: -3px;
+  cursor: ns-resize;
+  height: 5px;
+  left: 0;
+}
+.cropper-point {
+  background-color: #39f;
+  height: 5px;
+  opacity: 0.75;
+  width: 5px;
+}
+.cropper-point.point-e {
+  cursor: ew-resize;
+  margin-top: -3px;
+  right: -3px;
+  top: 50%;
+}
+.cropper-point.point-n {
+  cursor: ns-resize;
+  left: 50%;
+  margin-left: -3px;
+  top: -3px;
+}
+.cropper-point.point-w {
+  cursor: ew-resize;
+  left: -3px;
+  margin-top: -3px;
+  top: 50%;
+}
+.cropper-point.point-s {
+  bottom: -3px;
+  cursor: s-resize;
+  left: 50%;
+  margin-left: -3px;
+}
+.cropper-point.point-ne {
+  cursor: nesw-resize;
+  right: -3px;
+  top: -3px;
+}
+.cropper-point.point-nw {
+  cursor: nwse-resize;
+  left: -3px;
+  top: -3px;
+}
+.cropper-point.point-sw {
+  bottom: -3px;
+  cursor: nesw-resize;
+  left: -3px;
+}
+.cropper-point.point-se {
+  bottom: -3px;
+  cursor: nwse-resize;
+  height: 20px;
+  opacity: 1;
+  right: -3px;
+  width: 20px;
+}
+@media (min-width: 768px) {
+  .cropper-point.point-se {
+    height: 15px;
+    width: 15px;
+  }
+}
+@media (min-width: 992px) {
+  .cropper-point.point-se {
+    height: 10px;
+    width: 10px;
+  }
+}
+@media (min-width: 1200px) {
+  .cropper-point.point-se {
+    height: 5px;
+    opacity: 0.75;
+    width: 5px;
+  }
+}
+.cropper-point.point-se:before {
+  background-color: #39f;
+  bottom: -50%;
+  content: " ";
+  display: block;
+  height: 200%;
+  opacity: 0;
+  position: absolute;
+  right: -50%;
+  width: 200%;
+}
+.cropper-invisible {
+  opacity: 0;
+}
+.cropper-bg {
+  background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAAA3NCSVQICAjb4U/gAAAABlBMVEXMzMz////TjRV2AAAACXBIWXMAAArrAAAK6wGCiw1aAAAAHHRFWHRTb2Z0d2FyZQBBZG9iZSBGaXJld29ya3MgQ1M26LyyjAAAABFJREFUCJlj+M/AgBVhF/0PAH6/D/HkDxOGAAAAAElFTkSuQmCC");
+}
+.cropper-hide {
+  display: block;
+  height: 0;
+  position: absolute;
+  width: 0;
+}
+.cropper-hidden {
+  display: none !important;
+}
+.cropper-move {
+  cursor: move;
+}
+.cropper-crop {
+  cursor: crosshair;
+}
+.cropper-disabled .cropper-drag-box,
+.cropper-disabled .cropper-face,
+.cropper-disabled .cropper-line,
+.cropper-disabled .cropper-point {
+  cursor: not-allowed;
+}
--- a/ivatar/static/css/green.css
+++ b/ivatar/static/css/green.css
--- a/ivatar/static/css/jcrop.css
+++ b/ivatar/static/css/jcrop.css
@@ -1,2 +1,146 @@
 /* jquery.Jcrop.min.css v0.9.15 (build:20180819) */
-.jcrop-holder{direction:ltr;text-align:left;-ms-touch-action:none}.jcrop-hline,.jcrop-vline{background:#fff url(Jcrop.gif);font-size:0;position:absolute}.jcrop-vline{height:100%;width:1px!important}.jcrop-vline.right{right:0}.jcrop-hline{height:1px!important;width:100%}.jcrop-hline.bottom{bottom:0}.jcrop-tracker{height:100%;width:100%;-webkit-tap-highlight-color:transparent;-webkit-touch-callout:none;-webkit-user-select:none}.jcrop-handle{background-color:#333;border:1px #eee solid;width:7px;height:7px;font-size:1px}.jcrop-handle.ord-n{left:50%;margin-left:-4px;margin-top:-4px;top:0}.jcrop-handle.ord-s{bottom:0;left:50%;margin-bottom:-4px;margin-left:-4px}.jcrop-handle.ord-e{margin-right:-4px;margin-top:-4px;right:0;top:50%}.jcrop-handle.ord-w{left:0;margin-left:-4px;margin-top:-4px;top:50%}.jcrop-handle.ord-nw{left:0;margin-left:-4px;margin-top:-4px;top:0}.jcrop-handle.ord-ne{margin-right:-4px;margin-top:-4px;right:0;top:0}.jcrop-handle.ord-se{bottom:0;margin-bottom:-4px;margin-right:-4px;right:0}.jcrop-handle.ord-sw{bottom:0;left:0;margin-bottom:-4px;margin-left:-4px}.jcrop-dragbar.ord-n,.jcrop-dragbar.ord-s{height:7px;width:100%}.jcrop-dragbar.ord-e,.jcrop-dragbar.ord-w{height:100%;width:7px}.jcrop-dragbar.ord-n{margin-top:-4px}.jcrop-dragbar.ord-s{bottom:0;margin-bottom:-4px}.jcrop-dragbar.ord-e{margin-right:-4px;right:0}.jcrop-dragbar.ord-w{margin-left:-4px}.jcrop-light .jcrop-hline,.jcrop-light .jcrop-vline{background:#fff;filter:alpha(opacity=70)!important;opacity:.7!important}.jcrop-light .jcrop-handle{-moz-border-radius:3px;-webkit-border-radius:3px;background-color:#000;border-color:#fff;border-radius:3px}.jcrop-dark .jcrop-hline,.jcrop-dark .jcrop-vline{background:#000;filter:alpha(opacity=70)!important;opacity:.7!important}.jcrop-dark .jcrop-handle{-moz-border-radius:3px;-webkit-border-radius:3px;background-color:#fff;border-color:#000;border-radius:3px}.solid-line .jcrop-hline,.solid-line .jcrop-vline{background:#fff}.jcrop-holder img,img.jcrop-preview{max-width:none}
+.jcrop-holder {
+  direction: ltr;
+  text-align: left;
+  -ms-touch-action: none;
+}
+.jcrop-hline,
+.jcrop-vline {
+  background: #fff url(Jcrop.gif);
+  font-size: 0;
+  position: absolute;
+}
+.jcrop-vline {
+  height: 100%;
+  width: 1px !important;
+}
+.jcrop-vline.right {
+  right: 0;
+}
+.jcrop-hline {
+  height: 1px !important;
+  width: 100%;
+}
+.jcrop-hline.bottom {
+  bottom: 0;
+}
+.jcrop-tracker {
+  height: 100%;
+  width: 100%;
+  -webkit-tap-highlight-color: transparent;
+  -webkit-touch-callout: none;
+  -webkit-user-select: none;
+}
+.jcrop-handle {
+  background-color: #333;
+  border: 1px #eee solid;
+  width: 7px;
+  height: 7px;
+  font-size: 1px;
+}
+.jcrop-handle.ord-n {
+  left: 50%;
+  margin-left: -4px;
+  margin-top: -4px;
+  top: 0;
+}
+.jcrop-handle.ord-s {
+  bottom: 0;
+  left: 50%;
+  margin-bottom: -4px;
+  margin-left: -4px;
+}
+.jcrop-handle.ord-e {
+  margin-right: -4px;
+  margin-top: -4px;
+  right: 0;
+  top: 50%;
+}
+.jcrop-handle.ord-w {
+  left: 0;
+  margin-left: -4px;
+  margin-top: -4px;
+  top: 50%;
+}
+.jcrop-handle.ord-nw {
+  left: 0;
+  margin-left: -4px;
+  margin-top: -4px;
+  top: 0;
+}
+.jcrop-handle.ord-ne {
+  margin-right: -4px;
+  margin-top: -4px;
+  right: 0;
+  top: 0;
+}
+.jcrop-handle.ord-se {
+  bottom: 0;
+  margin-bottom: -4px;
+  margin-right: -4px;
+  right: 0;
+}
+.jcrop-handle.ord-sw {
+  bottom: 0;
+  left: 0;
+  margin-bottom: -4px;
+  margin-left: -4px;
+}
+.jcrop-dragbar.ord-n,
+.jcrop-dragbar.ord-s {
+  height: 7px;
+  width: 100%;
+}
+.jcrop-dragbar.ord-e,
+.jcrop-dragbar.ord-w {
+  height: 100%;
+  width: 7px;
+}
+.jcrop-dragbar.ord-n {
+  margin-top: -4px;
+}
+.jcrop-dragbar.ord-s {
+  bottom: 0;
+  margin-bottom: -4px;
+}
+.jcrop-dragbar.ord-e {
+  margin-right: -4px;
+  right: 0;
+}
+.jcrop-dragbar.ord-w {
+  margin-left: -4px;
+}
+.jcrop-light .jcrop-hline,
+.jcrop-light .jcrop-vline {
+  background: #fff;
+  filter: alpha(opacity=70) !important;
+  opacity: 0.7 !important;
+}
+.jcrop-light .jcrop-handle {
+  -moz-border-radius: 3px;
+  -webkit-border-radius: 3px;
+  background-color: #000;
+  border-color: #fff;
+  border-radius: 3px;
+}
+.jcrop-dark .jcrop-hline,
+.jcrop-dark .jcrop-vline {
+  background: #000;
+  filter: alpha(opacity=70) !important;
+  opacity: 0.7 !important;
+}
+.jcrop-dark .jcrop-handle {
+  -moz-border-radius: 3px;
+  -webkit-border-radius: 3px;
+  background-color: #fff;
+  border-color: #000;
+  border-radius: 3px;
+}
+.solid-line .jcrop-hline,
+.solid-line .jcrop-vline {
+  background: #fff;
+}
+.jcrop-holder img,
+img.jcrop-preview {
+  max-width: none;
+}
--- a/ivatar/static/css/red.css
+++ b/ivatar/static/css/red.css
--- a/ivatar/static/img/logo4hex/libravatar_org.svg
+++ b/ivatar/static/img/logo4hex/libravatar_org.svg
--- a/ivatar/static/img/logo4hex/libravatar_org_6.svg
+++ b/ivatar/static/img/logo4hex/libravatar_org_6.svg
--- a/ivatar/static/img/logo4hex/libravatar_org_process_blue.svg
+++ b/ivatar/static/img/logo4hex/libravatar_org_process_blue.svg
--- a/ivatar/static/img/logo4hex/libravatar_org_process_blue_6.svg
+++ b/ivatar/static/img/logo4hex/libravatar_org_process_blue_6.svg
--- a/ivatar/static/js/bootstrap.min.js
+++ b/ivatar/static/js/bootstrap.min.js
--- a/ivatar/static/js/cropper.min.js
+++ b/ivatar/static/js/cropper.min.js
--- a/ivatar/static/js/ivatar.js
+++ b/ivatar/static/js/ivatar.js
@@ -2,33 +2,33 @@

 // Autofocus the right field on forms
 if (document.forms.login) {
-    if (document.forms.login.username) {
-        document.forms.login.username.focus();
-    } else if (document.forms.login.openid_identifier) {
-        document.forms.login.openid_identifier.focus();
-    }
+  if (document.forms.login.username) {
+    document.forms.login.username.focus();
+  } else if (document.forms.login.openid_identifier) {
+    document.forms.login.openid_identifier.focus();
+  }
 } else if (document.forms.addemail) {
-    document.forms.addemail.email.focus();
+  document.forms.addemail.email.focus();
 } else if (document.forms.addopenid) {
-    document.forms.addopenid.openid.focus();
+  document.forms.addopenid.openid.focus();
 } else if (document.forms.changepassword) {
-    if(document.forms.changepassword.old_password) {
-      document.forms.changepassword.old_password.focus();
-    } else {
-      document.forms.changepassword.new_password1.focus();
-    }
+  if (document.forms.changepassword.old_password) {
+    document.forms.changepassword.old_password.focus();
+  } else {
+    document.forms.changepassword.new_password1.focus();
+  }
 } else if (document.forms.deleteaccount) {
-    if (document.forms.deleteaccount.password) {
-        document.forms.deleteaccount.password.focus();
-    }
+  if (document.forms.deleteaccount.password) {
+    document.forms.deleteaccount.password.focus();
+  }
 } else if (document.forms.lookup) {
-    if (document.forms.lookup.email) {
-        document.forms.lookup.email.focus();
-    } else if (document.forms.lookup.domain) {
-        document.forms.lookup.domain.focus();
-    }
+  if (document.forms.lookup.email) {
+    document.forms.lookup.email.focus();
+  } else if (document.forms.lookup.domain) {
+    document.forms.lookup.domain.focus();
+  }
 } else if (document.forms.newaccount) {
-    document.forms.newaccount.username.focus();
+  document.forms.newaccount.username.focus();
 } else if (document.forms.reset) {
-    document.forms.reset.email.focus();
+  document.forms.reset.email.focus();
 }
--- a/ivatar/static/js/jcrop.js
+++ b/ivatar/static/js/jcrop.js
--- a/ivatar/test_utils.py
+++ b/ivatar/test_utils.py
@@ -47,71 +47,67 @@ class Tester(TestCase):
        self.assertEqual(openid_variations(openid3)[3], openid3)

    def test_is_trusted_url(self):
-        test_gravatar_true = is_trusted_url("https://gravatar.com/avatar/63a75a80e6b1f4adfdb04c1ca02e596c", [
-            {
-                "schemes": [
-                    "http",
-                    "https"
-                ],
-                "host_equals": "gravatar.com",
-                "path_prefix": "/avatar/"
-            }
-        ])
+        test_gravatar_true = is_trusted_url(
+            "https://gravatar.com/avatar/63a75a80e6b1f4adfdb04c1ca02e596c",
+            [
+                {
+                    "schemes": ["http", "https"],
+                    "host_equals": "gravatar.com",
+                    "path_prefix": "/avatar/",
+                }
+            ],
+        )
        self.assertTrue(test_gravatar_true)

-        test_gravatar_false = is_trusted_url("https://gravatar.com.example.org/avatar/63a75a80e6b1f4adfdb04c1ca02e596c", [
-            {
-                "schemes": [
-                    "http",
-                    "https"
-                ],
-                "host_suffix": ".gravatar.com",
-                "path_prefix": "/avatar/"
-            }
-        ])
+        test_gravatar_false = is_trusted_url(
+            "https://gravatar.com.example.org/avatar/63a75a80e6b1f4adfdb04c1ca02e596c",
+            [
+                {
+                    "schemes": ["http", "https"],
+                    "host_suffix": ".gravatar.com",
+                    "path_prefix": "/avatar/",
+                }
+            ],
+        )
        self.assertFalse(test_gravatar_false)

-        test_open_redirect = is_trusted_url("https://github.com/SethFalco/?boop=https://secure.gravatar.com/avatar/205e460b479e2e5b48aec07710c08d50", [
-            {
-                "schemes": [
-                    "http",
-                    "https"
-                ],
-                "host_suffix": ".gravatar.com",
-                "path_prefix": "/avatar/"
-            }
-        ])
+        test_open_redirect = is_trusted_url(
+            "https://github.com/SethFalco/?boop=https://secure.gravatar.com/avatar/205e460b479e2e5b48aec07710c08d50",
+            [
+                {
+                    "schemes": ["http", "https"],
+                    "host_suffix": ".gravatar.com",
+                    "path_prefix": "/avatar/",
+                }
+            ],
+        )
        self.assertFalse(test_open_redirect)

-        test_multiple_filters = is_trusted_url("https://ui-avatars.com/api/blah", [
-            {
-                "schemes": [
-                    "https"
-                ],
-                "host_equals": "ui-avatars.com",
-                "path_prefix": "/api/"
-            },
-            {
-                "schemes": [
-                    "http",
-                    "https"
-                ],
-                "host_suffix": ".gravatar.com",
-                "path_prefix": "/avatar/"
-            }
-        ])
+        test_multiple_filters = is_trusted_url(
+            "https://ui-avatars.com/api/blah",
+            [
+                {
+                    "schemes": ["https"],
+                    "host_equals": "ui-avatars.com",
+                    "path_prefix": "/api/",
+                },
+                {
+                    "schemes": ["http", "https"],
+                    "host_suffix": ".gravatar.com",
+                    "path_prefix": "/avatar/",
+                },
+            ],
+        )
        self.assertTrue(test_multiple_filters)

-        test_url_prefix_true = is_trusted_url("https://ui-avatars.com/api/blah", [
-            {
-                "url_prefix": "https://ui-avatars.com/api/"
-            }
-        ])
+        test_url_prefix_true = is_trusted_url(
+            "https://ui-avatars.com/api/blah",
+            [{"url_prefix": "https://ui-avatars.com/api/"}],
+        )
        self.assertTrue(test_url_prefix_true)

-        test_url_prefix_false = is_trusted_url("https://ui-avatars.com/api/blah", [
-            {
-                "url_prefix": "https://gravatar.com/avatar/"
-            }
-        ])
+        test_url_prefix_false = is_trusted_url(
+            "https://ui-avatars.com/api/blah",
+            [{"url_prefix": "https://gravatar.com/avatar/"}],
+        )
        self.assertFalse(test_url_prefix_false)
--- a/ivatar/utils.py
+++ b/ivatar/utils.py
@@ -6,6 +6,7 @@ Simple module providing reusable random_string function
 import contextlib
 import random
 import string
+import logging
 from io import BytesIO
 from PIL import Image, ImageDraw, ImageSequence
 from urllib.parse import urlparse
@@ -13,6 +14,9 @@ import requests
 from ivatar.settings import DEBUG, URL_TIMEOUT
 from urllib.request import urlopen as urlopen_orig

+# Initialize logger
+logger = logging.getLogger("ivatar")
+
 BLUESKY_IDENTIFIER = None
 BLUESKY_APP_PASSWORD = None
 with contextlib.suppress(Exception):
@@ -88,7 +92,7 @@ class Bluesky:
            )
            profile_response.raise_for_status()
        except Exception as exc:
-            print(f"Bluesky profile fetch failed with HTTP error: {exc}")
+            logger.warning(f"Bluesky profile fetch failed with HTTP error: {exc}")
            return None

        return profile_response.json()
--- a/ivatar/views.py
+++ b/ivatar/views.py
@@ -7,6 +7,7 @@ import contextlib
 from io import BytesIO
 from os import path
 import hashlib
+import logging
 from ivatar.utils import urlopen, Bluesky
 from urllib.error import HTTPError, URLError
 from ssl import SSLError
@@ -38,6 +39,10 @@ from .ivataraccount.models import Photo
 from .ivataraccount.models import pil_format, file_format
 from .utils import is_trusted_url, mm_ng, resize_animated_gif

+# Initialize loggers
+logger = logging.getLogger("ivatar")
+security_logger = logging.getLogger("ivatar.security")
+

 def get_size(request, size=DEFAULT_AVATAR_SIZE):
    """
@@ -137,14 +142,14 @@ class AvatarImageView(TemplateView):

        if default is not None:
            if TRUSTED_DEFAULT_URLS is None:
-                print("Query parameter `default` is disabled.")
+                logger.warning("Query parameter `default` is disabled.")
                default = None
            elif default.find("://") > 0:
                # Check if it's trusted, if not, reset to None
                trusted_url = is_trusted_url(default, TRUSTED_DEFAULT_URLS)

                if not trusted_url:
-                    print(
+                    security_logger.warning(
                        f"Default URL is not in trusted URLs: '{default}'; Kicking it!"
                    )
                    default = None
@@ -373,7 +378,7 @@ class GravatarProxyView(View):
                if exc.code == 404:
                    cache.set(gravatar_test_url, "default", 60)
                else:
-                    print(f"Gravatar test url fetch failed: {exc}")
+                    logger.warning(f"Gravatar test url fetch failed: {exc}")
                return redir_default(default)

        gravatar_url = (
@@ -384,23 +389,25 @@ class GravatarProxyView(View):

        try:
            if cache.get(gravatar_url) == "err":
-                print(f"Cached Gravatar fetch failed with URL error: {gravatar_url}")
+                logger.warning(
+                    f"Cached Gravatar fetch failed with URL error: {gravatar_url}"
+                )
                return redir_default(default)

            gravatarimagedata = urlopen(gravatar_url)
        except HTTPError as exc:
            if exc.code not in [404, 503]:
-                print(
+                logger.warning(
                    f"Gravatar fetch failed with an unexpected {exc.code} HTTP error: {gravatar_url}"
                )
            cache.set(gravatar_url, "err", 30)
            return redir_default(default)
        except URLError as exc:
-            print(f"Gravatar fetch failed with URL error: {exc.reason}")
+            logger.warning(f"Gravatar fetch failed with URL error: {exc.reason}")
            cache.set(gravatar_url, "err", 30)
            return redir_default(default)
        except SSLError as exc:
-            print(f"Gravatar fetch failed with SSL error: {exc.reason}")
+            logger.warning(f"Gravatar fetch failed with SSL error: {exc.reason}")
            cache.set(gravatar_url, "err", 30)
            return redir_default(default)
        try:
@@ -416,7 +423,7 @@ class GravatarProxyView(View):
            return response

        except ValueError as exc:
-            print(f"Value error: {exc}")
+            logger.error(f"Value error: {exc}")
            return redir_default(default)

        # We shouldn't reach this point... But make sure we do something
@@ -446,7 +453,7 @@ class BlueskyProxyView(View):
            return HttpResponseRedirect(url)

        size = get_size(request)
-        print(size)
+        logger.debug(f"Bluesky avatar size requested: {size}")
        blueskyimagedata = None
        default = None

@@ -461,7 +468,7 @@ class BlueskyProxyView(View):
                Q(digest=kwargs["digest"]) | Q(digest_sha256=kwargs["digest"])
            ).first()
        except Exception as exc:
-            print(exc)
+            logger.warning(f"Exception: {exc}")

        # If no identity is found in the email table, try the openid table
        if not identity:
@@ -473,7 +480,7 @@ class BlueskyProxyView(View):
                    | Q(alt_digest3=kwargs["digest"])
                ).first()
            except Exception as exc:
-                print(exc)
+                logger.warning(f"Exception: {exc}")

        # If still no identity is found, redirect to the default
        if not identity:
@@ -494,7 +501,9 @@ class BlueskyProxyView(View):

        try:
            if cache.get(bluesky_url) == "err":
-                print(f"Cached Bluesky fetch failed with URL error: {bluesky_url}")
+                logger.warning(
+                    f"Cached Bluesky fetch failed with URL error: {bluesky_url}"
+                )
                return redir_default(default)

            blueskyimagedata = urlopen(bluesky_url)
@@ -506,11 +515,11 @@ class BlueskyProxyView(View):
            cache.set(bluesky_url, "err", 30)
            return redir_default(default)
        except URLError as exc:
-            print(f"Bluesky fetch failed with URL error: {exc.reason}")
+            logger.warning(f"Bluesky fetch failed with URL error: {exc.reason}")
            cache.set(bluesky_url, "err", 30)
            return redir_default(default)
        except SSLError as exc:
-            print(f"Bluesky fetch failed with SSL error: {exc.reason}")
+            logger.warning(f"Bluesky fetch failed with SSL error: {exc.reason}")
            cache.set(bluesky_url, "err", 30)
            return redir_default(default)
        try:
@@ -536,7 +545,7 @@ class BlueskyProxyView(View):
            response["Vary"] = ""
            return response
        except ValueError as exc:
-            print(f"Value error: {exc}")
+            logger.error(f"Value error: {exc}")
            return redir_default(default)

        # We shouldn't reach this point... But make sure we do something
--- a/ivatar/wsgi.py
+++ b/ivatar/wsgi.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 """
 WSGI config for ivatar project.

--- a/manage.py
+++ b/manage.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 import os
 import sys

--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,4 @@
+argon2-cffi>=21.3.0
 autopep8
 bcrypt
 defusedxml