Location: kallithea/scripts/generate-ini.py - annotation

Mads Kiilerich
login: fix incorrect CSRF rejection of "Reset Your Password" form (Issue #350)

htmlfill would remove the CSRF token from the form when substituting the query
parameters, causing password reset to break.

By default, htmlfill will clear all input fields that don't have a new
"default" value provided. It could be fixed by setting force_defaults to False
- see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html . It could
also be fixed by providing the CSRF token in the defaults to be substituted in
the form.

Instead, refactor password_reset_confirmation to have more explicitly safe
handling of query parameters. Replace htmlfill with the usual template
variables.

The URLs are generated in kallithea/model/user.py send_reset_password_email()
and should only contain email, timestamp (integer as digit string) and a hex
token from get_reset_password_token() .
#!/usr/bin/env python2
"""
Based on kallithea/lib/paster_commands/template.ini.mako, generate development.ini
"""

from __future__ import print_function

import re

from kallithea.lib import inifile


# files to be generated from the mako template
# files to be generated from the mako template
# Each entry is (output filename, {section header: {key: value}}); the
# per-section values override whatever the mako template provides when
# inifile.create() renders that file.
ini_files = [
    ('development.ini',
        {
            '[server:main]': {
                # 0.0.0.0 listens on every interface, not just localhost --
                # fine for a local dev instance, never for a deployment
                'host': '0.0.0.0',
            },
            '[app:main]': {
                # debug mode on; development only
                'debug': 'true',
                # deliberately non-secret placeholder values: an ini generated
                # here must not be reused as-is for a real installation
                'app_instance_uuid': 'development-not-secret',
                'session.secret': 'development-not-secret',
            },
            '[logger_root]': {
                'handlers': 'console_color',
            },
            # verbose logging for the dev instance; templates stay at INFO
            '[logger_routes]': {
                'level': 'DEBUG',
            },
            '[logger_beaker]': {
                'level': 'DEBUG',
            },
            '[logger_templates]': {
                'level': 'INFO',
            },
            '[logger_kallithea]': {
                'level': 'DEBUG',
            },
            '[logger_tg]': {
                'level': 'DEBUG',
            },
            '[logger_gearbox]': {
                'level': 'DEBUG',
            },
            '[logger_whoosh_indexer]': {
                'level': 'DEBUG',
            },
        },
    ),
]


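def main():
    """Normalise the mako ini template in place, then regenerate the ini files.

    Step 1 rewrites ``inifile.template_file`` so that every line starting with
    ``##`` (a mako comment) is wrapped in ``<%text>...</%text>``.  Any existing
    ``<%text>``/``</%text>`` markup is stripped first, so re-running the script
    is idempotent.  The template is only written back when its content changed.

    Step 2 calls ``inifile.create(fn, None, settings)`` for every entry of the
    module-level ``ini_files`` list.

    Side effects: reads and may overwrite the template file; writes each ini
    file named in ``ini_files``.  ``open`` raises (IOError on Python 2) if a
    file cannot be read or written.
    """
    # make sure all mako lines starting with '#' (the '##' comments) are marked up as <text>
    makofile = inifile.template_file
    print('reading:', makofile)
    # context manager closes the handle deterministically instead of relying on GC
    with open(makofile) as f:
        mako_org = f.read()
    # drop existing markup first so a second run does not nest the tags
    mako_no_text_markup = re.sub(r'</?%text>', '', mako_org)
    # the leading '\n' anchors the match to a line start; the pattern uses no
    # '^'/'$', so re.MULTILINE would have no effect and is not passed
    mako_marked_up = re.sub(r'\n(##.*)', r'\n<%text>\1</%text>', mako_no_text_markup)
    if mako_marked_up != mako_org:
        print('writing:', makofile)
        # explicit close flushes the rewrite before the ini files are generated
        with open(makofile, 'w') as f:
            f.write(mako_marked_up)

    # create ini files
    for fn, settings in ini_files:
        print('updating:', fn)
        inifile.create(fn, None, settings)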


if __name__ == '__main__':
    # script entry point: normalise the template, then regenerate the ini files
    main()