Changeset - 9db7782727b3
default
0 5 0
Marcin Kuzminski - 16 years ago 2010-04-07 19:39:31
marcin@python-blog.com
Static files for production fixed
Error handler for debug on, added
admin auth function authenticates only admins
changed creation of db
5 files changed with 33 insertions and 14 deletions:
development.ini
 
@@ -35,13 +35,12 @@ repos_name = etelko
 
## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
 
## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
 
## execute malicious code after an exception is raised.                       ##
 
################################################################################
 
#set debug = false
 

	
 

	
 
################################
 
### LOGGING CONFIGURATION   ####
 
################################
 
[loggers]
 
keys = root, routes, pylons_app, sqlalchemy
 

	
 
@@ -88,8 +87,8 @@ formatter = generic
 
################
 
## FORMATTERS ##
 
################
 

	
 
[formatter_generic]
 
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
 
datefmt = %H:%M:%S
 
datefmt = %Y-%m-%d %H:%M:%S
 

	
production.ini
 
@@ -23,13 +23,13 @@ use = egg:Paste#http
 
host = 127.0.0.1
 
port = 8001
 

	
 
[app:main]
 
use = egg:pylons_app
 
full_stack = true
 
static_files = false
 
static_files = true
 
lang=en
 
cache_dir = %(here)s/data
 
repos_name = etelko
 

	
 
################################################################################
 
## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
 
@@ -87,8 +87,8 @@ formatter = generic
 
################
 
## FORMATTERS ##
 
################
 

	
 
[formatter_generic]
 
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
 
datefmt = %H:%M:%S
 
datefmt = %Y-%m-%d %H:%M:%S
 

	
pylons_app/config/middleware.py
 
@@ -49,13 +49,13 @@ def make_app(global_conf, full_stack=Tru
 
        app = ErrorHandler(app, global_conf, **config['pylons.errorware'])
 

	
 
        # Display error documents for 401, 403, 404 status codes (and
 
        # 500 when debug is disabled)
 
        if asbool(config['debug']):
 
            #don't handle 404, since mercurial does it for us.
 
            app = StatusCodeRedirect(app, [400, 401, 403])
 
            app = StatusCodeRedirect(app, [400, 401, 403, 500])
 
        else:
 
            app = StatusCodeRedirect(app, [400, 401, 403, 500])
 
    
 
    # Establish the Registry for this application
 
    app = RegistryManager(app)
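Review bot: Both arms of `if asbool(config['debug'])` now build the same `StatusCodeRedirect(app, [400, 401, 403, 500])` (assuming the second of the two rendered lines in the debug arm is the new one, as the commit message suggests), so the conditional no longer selects anything and the comment above it, "500 when debug is disabled", is stale. Either collapse it to a single `app = StatusCodeRedirect(app, [400, 401, 403, 500])` with the comment reworded to `# Display error documents for 400, 401, 403 and 500 status codes`, or keep the branch and state in a comment why it remains. Sending 500s to the error document in debug mode presumably also keeps the traceback page away from the client, which is the safer behaviour if a debug-enabled config ever ends up on a reachable host; saying so in the comment would stop it being reverted as a convenience. `make_app` starts above this hunk and continues below it.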
 

	
pylons_app/controllers/admin.py
 
@@ -27,14 +27,13 @@ class AdminController(BaseController):
 
        if request.POST:
 
            #import Login Form validator class
 
            login_form = LoginForm()
 

	
 
            try:
 
                c.form_result = login_form.to_python(dict(request.params))
 
                if auth.authfunc(None, c.form_result['username'], c.form_result['password']) and\
 
                    c.form_result['username'] == 'admin':
 
                if auth.admin_auth(c.form_result['username'], c.form_result['password']):
 
                    session['admin_user'] = True
 
                    session['admin_username'] = c.form_result['username']
 
                    session.save()
 
                    return redirect(url('admin_home'))
 
                else:
 
                    raise formencode.Invalid('Login Error', None, None,
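Review bot: The session is promoted to admin (`session['admin_user'] = True`) on the identifier the client already held before logging in, so a session id that was fixed or observed before authentication stays valid afterwards. If `session` is the Beaker session that Pylons normally provides (not visible in this hunk), calling `session.invalidate()` right after `auth.admin_auth(...)` succeeds and before the two assignments would issue a fresh id. The enclosing method starts above the hunk and the final `raise formencode.Invalid(...)` statement continues past it.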
pylons_app/lib/auth.py
 
@@ -10,12 +10,34 @@ ROOT = dn(dn(dn(os.path.realpath(__file_
 

	
 
def get_sqlite_conn_cur():
 
    conn = sqlite3.connect(os.path.join(ROOT, 'auth.sqlite'))
 
    cur = conn.cursor()
 
    return conn, cur
 

	
 

	
 
def admin_auth(username, password):
 
    conn, cur = get_sqlite_conn_cur()
 
    password_crypt = crypt.crypt(password, '6a')
 

	
 
    try:
 
        cur.execute("SELECT * FROM users WHERE username=?", (username,))
 
        data = cur.fetchone()
 
    except sqlite3.OperationalError as e:
 
        data = None
 
        log.error(e)
 
        
 
    if data:
 
        if data[3]:
 
            if data[1] == username and data[2] == password_crypt and data[4]:
 
                log.info('user %s authenticated correctly', username)
 
                return True
 
        else:
 
            log.error('user %s is disabled', username)
 
            
 
    return False
 

	
 
def authfunc(environ, username, password):
 
    conn, cur = get_sqlite_conn_cur()
 
    password_crypt = crypt.crypt(password, '6a')
 

	
 
    try:
 
        cur.execute("SELECT * FROM users WHERE username=?", (username,))
 
@@ -62,13 +84,14 @@ def create_user_table():
 
        log.info('creating table %s', 'users')
 
        cur.execute('''DROP TABLE IF EXISTS users ''')
 
        cur.execute('''CREATE TABLE users
 
                        (id INTEGER PRIMARY KEY AUTOINCREMENT, 
 
                         username TEXT, 
 
                         password TEXT,
 
                         active INTEGER)''')
 
                         active INTEGER,
 
                         admin INTEGER)''')
 
        log.info('creating table %s', 'user_logs')
 
        cur.execute('''DROP TABLE IF EXISTS user_logs ''')
 
        cur.execute('''CREATE TABLE user_logs
 
                        (id INTEGER PRIMARY KEY AUTOINCREMENT,
 
                            user_id INTEGER,
 
                            last_action TEXT, 
 
@@ -77,32 +100,30 @@ def create_user_table():
 
    except:
 
        conn.rollback()
 
        raise
 
    
 
    cur.close()
 
    
 
def create_user(username, password):
 
def create_user(username, password, admin=False):
 
    conn, cur = get_sqlite_conn_cur()    
 
    password_crypt = crypt.crypt(password, '6a')
 
    cur_date = datetime.now()
 
    log.info('creating user %s', username)
 
    try:
 
        cur.execute('''INSERT INTO users values (?,?,?,?) ''',
 
                    (None, username, password_crypt, 1,))     
 
        cur.execute('''INSERT INTO users values (?,?,?,?,?) ''',
 
                    (None, username, password_crypt, 1, admin))     
 
        conn.commit()
 
    except:
 
        conn.rollback()
 
        raise
 
    
 
if __name__ == "__main__":
 
    create_user_table()
 
    create_user('marcink', 'qweqwe')
 
    create_user('marcink', 'qweqwe', True)
 
    create_user('lukaszd', 'qweqwe')
 
    create_user('adriand', 'qweqwe')
 
    create_user('radek', 'qweqwe')
 
    create_user('skrzeka', 'qweqwe')
 
    create_user('bart', 'qweqwe')
 
    create_user('maho', 'qweqwe')
 
    create_user('michalg', 'qweqwe')
 
    create_user('admin', 'qwe123qwe')
 
    
 
    #authfunc('', 'marcink', 'qweqwe')
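Review bot: `admin_auth` hashes the submitted password with `crypt.crypt(password, '6a')`, a fixed two-character salt that on typical crypt(3) implementations selects the traditional DES scheme, so only the first eight characters of a password count and every account with the same password stores the same hash; `authfunc` and `create_user` in this section do the same. The new function also never closes the connection it opens, reads `SELECT *` columns by position (`data[3]`, `data[4]`), which silently depends on the table layout that this same commit changes, and logs nothing when an admin login is rejected. The sketch below takes the salt from the stored hash (existing `6a` rows still verify), names the columns, closes the connection and logs rejected attempts; `create_user` would still need to start writing per-user salts with a stronger scheme. The `__main__` block also seeds accounts, including admins, with passwords written in the source, so a database created this way should not be the one that gets deployed.

```python
def admin_auth(username, password):
    conn, cur = get_sqlite_conn_cur()
    try:
        # Select by name so the checks do not depend on column order.
        cur.execute("SELECT password, active, admin FROM users WHERE username=?",
                    (username,))
        row = cur.fetchone()
    except sqlite3.OperationalError as e:
        row = None
        log.error(e)
    finally:
        conn.close()

    if row:
        stored, active, admin = row
        if not active:
            log.error('user %s is disabled', username)
            return False
        # The stored hash carries its own salt; crypt() reuses it for the check.
        if admin and stored and crypt.crypt(password, stored) == stored:
            log.info('user %s authenticated correctly', username)
            return True

    # Rejected attempts are recorded so repeated guessing shows up in the log.
    log.warning('admin login failed for user %s', username)
    return False
```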