kallithea Files · docs/usage/backup.rst

Files @ 8b47181750a8

Branch filter:

Location: kallithea/docs/usage/backup.rst - annotation

8b47181750a8 512 B text/prs.fallenstein.rst Show Source Show as Raw Download as Raw

Mads Kiilerich

login: fix incorrect CSRF rejection of "Reset Your Password" form (Issue #350)

htmlfill would remove the CSRF token from the form when substituting the query
parameters, causing password reset to break.

By default, htmlfill will clear all input fields that doesn't have a new
"default" value provided. It could be fixed by setting force_defaults to False
- see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html . It could
also be fixed by providing the CSRF token in the defaults to be substituted in
the form.

Instead, refactor password_reset_confirmation to have more explicitly safe
handling of query parameters. Replace htmlfill with the usual template
variables.

The URLs are generated in kallithea/model/user.py send_reset_password_email()
and should only contain email, timestamp (integer as digit string) and a hex
token from get_reset_password_token() .

af371e206ec5
af371e206ec5
17c9393e9645
e73a69cb98dc
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
e73a69cb98dc
af371e206ec5
fbbe80e3322b
af371e206ec5
af371e206ec5
af371e206ec5
4e6dfdb3fa01
4e6dfdb3fa01
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
e73a69cb98dc
af371e206ec5
af371e206ec5
4e6dfdb3fa01

.. _backup:

====================
Backing up Kallithea
====================


Settings
--------

Just copy your .ini file, it contains all Kallithea settings.


Whoosh index
------------

The Whoosh index is located in the ``data/index`` directory where you installed
Kallithea, i.e., the same place where the ini file is located


Database
--------

When using sqlite just copy kallithea.db.
Any other database engine requires a manual backup operation.

A database backup will contain all gathered statistics.