Files
@ 8b47181750a8
Branch filter:
Location: kallithea/init.d/celeryd-upstart.conf - annotation
8b47181750a8
932 B
text/plain
login: fix incorrect CSRF rejection of "Reset Your Password" form (Issue #350)
htmlfill would remove the CSRF token from the form when substituting the query
parameters, causing password reset to break.
By default, htmlfill will clear all input fields that doesn't have a new
"default" value provided. It could be fixed by setting force_defaults to False
- see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html . It could
also be fixed by providing the CSRF token in the defaults to be substituted in
the form.
Instead, refactor password_reset_confirmation to have more explicitly safe
handling of query parameters. Replace htmlfill with the usual template
variables.
The URLs are generated in kallithea/model/user.py send_reset_password_email()
and should only contain email, timestamp (integer as digit string) and a hex
token from get_reset_password_token() .
htmlfill would remove the CSRF token from the form when substituting the query
parameters, causing password reset to break.
By default, htmlfill will clear all input fields that doesn't have a new
"default" value provided. It could be fixed by setting force_defaults to False
- see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html . It could
also be fixed by providing the CSRF token in the defaults to be substituted in
the form.
Instead, refactor password_reset_confirmation to have more explicitly safe
handling of query parameters. Replace htmlfill with the usual template
variables.
The URLs are generated in kallithea/model/user.py send_reset_password_email()
and should only contain email, timestamp (integer as digit string) and a hex
token from get_reset_password_token() .
99ad9d0af1a3 58df0b3ed377 58df0b3ed377 58df0b3ed377 e285bb7abb28 e285bb7abb28 58df0b3ed377 99ad9d0af1a3 99ad9d0af1a3 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 99ad9d0af1a3 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 1d539bb18165 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 58df0b3ed377 | # celeryd - run the celeryd daemon as an upstart job for kallithea
# Change variables/paths as necessary and place file /etc/init/celeryd.conf
# start/stop/restart as normal upstart job (ie: $ start celeryd)
description "Celery for Kallithea Mercurial Server"
author "Matt Zuba <matt.zuba@goodwillaz.org"
start on starting kallithea
stop on stopped kallithea
respawn
umask 0022
env PIDFILE=/tmp/celeryd.pid
env APPINI=/var/hg/kallithea/production.ini
env HOME=/var/hg
env USER=hg
# To use group (if different from user), you must edit sudoers file and change
# root's entry from (ALL) to (ALL:ALL)
# env GROUP=hg
script
COMMAND="/var/hg/.virtualenvs/kallithea/bin/kallithea-cli celery-run -c $APPINI -- --pidfile=$PIDFILE"
if [ -z "$GROUP" ]; then
exec sudo -u $USER $COMMAND
else
exec sudo -u $USER -g $GROUP $COMMAND
fi
end script
post-stop script
rm -f $PIDFILE
end script
|