changeset 46:9db7782727b3

Static files for production fixed Error handler for debug on, added admin auth function authenticates only admins changed creation of db
author Marcin Kuzminski <marcin@python-blog.com>
date Wed, 07 Apr 2010 19:39:31 +0200
parents a886f5eba757
children f6ac79182600
files development.ini production.ini pylons_app/config/middleware.py pylons_app/controllers/admin.py pylons_app/lib/auth.py
diffstat 5 files changed, 33 insertions(+), 14 deletions(-) [+]
--- a/development.ini	Wed Apr 07 17:28:10 2010 +0200
+++ b/development.ini	Wed Apr 07 19:39:31 2010 +0200
@@ -38,7 +38,6 @@
 ################################################################################
 #set debug = false
 
-
 ################################
 ### LOGGING CONFIGURATION   ####
 ################################
@@ -91,5 +90,5 @@
 
 [formatter_generic]
 format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
-datefmt = %H:%M:%S
+datefmt = %Y-%m-%d %H:%M:%S
 
--- a/production.ini	Wed Apr 07 17:28:10 2010 +0200
+++ b/production.ini	Wed Apr 07 19:39:31 2010 +0200
@@ -26,7 +26,7 @@
 [app:main]
 use = egg:pylons_app
 full_stack = true
-static_files = false
+static_files = true
 lang=en
 cache_dir = %(here)s/data
 repos_name = etelko
@@ -90,5 +90,5 @@
 
 [formatter_generic]
 format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
-datefmt = %H:%M:%S
+datefmt = %Y-%m-%d %H:%M:%S
 
--- a/pylons_app/config/middleware.py	Wed Apr 07 17:28:10 2010 +0200
+++ b/pylons_app/config/middleware.py	Wed Apr 07 19:39:31 2010 +0200
@@ -52,7 +52,7 @@
         # 500 when debug is disabled)
         if asbool(config['debug']):
             #don't handle 404, since mercurial does it for us.
-            app = StatusCodeRedirect(app, [400, 401, 403])
+            app = StatusCodeRedirect(app, [400, 401, 403, 500])
         else:
             app = StatusCodeRedirect(app, [400, 401, 403, 500])
     
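Review bot: With 500 added to the debug branch, both arms of `if asbool(config['debug'])` now build the same `StatusCodeRedirect(app, [400, 401, 403, 500])`, so the conditional no longer selects anything. The comment above it ("500 when debug is disabled") is also stale. Either collapse this to one unconditional `app = StatusCodeRedirect(app, [400, 401, 403, 500])` and reword the comment, or keep the branches distinct if debug mode is meant to show the raw error page. The enclosing function starts and ends outside the hunk.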
--- a/pylons_app/controllers/admin.py	Wed Apr 07 17:28:10 2010 +0200
+++ b/pylons_app/controllers/admin.py	Wed Apr 07 19:39:31 2010 +0200
@@ -30,8 +30,7 @@
 
             try:
                 c.form_result = login_form.to_python(dict(request.params))
-                if auth.authfunc(None, c.form_result['username'], c.form_result['password']) and\
-                    c.form_result['username'] == 'admin':
+                if auth.admin_auth(c.form_result['username'], c.form_result['password']):
                     session['admin_user'] = True
                     session['admin_username'] = c.form_result['username']
                     session.save()
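Review bot: Once `auth.admin_auth(...)` succeeds, `session['admin_user'] = True` is written into whatever session the visitor already holds, and nothing in the hunk rotates the session identifier at this privilege change. If no rotation happens elsewhere, an identifier issued before login stays valid as an admin session, so a fresh session should be issued before the flags are set. The failure branch of this `try` is outside the hunk, so whether rejected admin logins are recorded there cannot be checked from here.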
--- a/pylons_app/lib/auth.py	Wed Apr 07 17:28:10 2010 +0200
+++ b/pylons_app/lib/auth.py	Wed Apr 07 19:39:31 2010 +0200
@@ -13,6 +13,28 @@
     cur = conn.cursor()
     return conn, cur
 
+
+def admin_auth(username, password):
+    conn, cur = get_sqlite_conn_cur()
+    password_crypt = crypt.crypt(password, '6a')
+
+    try:
+        cur.execute("SELECT * FROM users WHERE username=?", (username,))
+        data = cur.fetchone()
+    except sqlite3.OperationalError as e:
+        data = None
+        log.error(e)
+        
+    if data:
+        if data[3]:
+            if data[1] == username and data[2] == password_crypt and data[4]:
+                log.info('user %s authenticated correctly', username)
+                return True
+        else:
+            log.error('user %s is disabled', username)
+            
+    return False
+
 def authfunc(environ, username, password):
     conn, cur = get_sqlite_conn_cur()
     password_crypt = crypt.crypt(password, '6a')
@@ -65,7 +87,8 @@
                         (id INTEGER PRIMARY KEY AUTOINCREMENT, 
                          username TEXT, 
                          password TEXT,
-                         active INTEGER)''')
+                         active INTEGER,
+                         admin INTEGER)''')
         log.info('creating table %s', 'user_logs')
         cur.execute('''DROP TABLE IF EXISTS user_logs ''')
         cur.execute('''CREATE TABLE user_logs
@@ -80,14 +103,13 @@
     
     cur.close()
     
-def create_user(username, password):
+def create_user(username, password, admin=False):
     conn, cur = get_sqlite_conn_cur()    
     password_crypt = crypt.crypt(password, '6a')
-    cur_date = datetime.now()
     log.info('creating user %s', username)
     try:
-        cur.execute('''INSERT INTO users values (?,?,?,?) ''',
-                    (None, username, password_crypt, 1,))     
+        cur.execute('''INSERT INTO users values (?,?,?,?,?) ''',
+                    (None, username, password_crypt, 1, admin))     
         conn.commit()
     except:
         conn.rollback()
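Review bot: The widened `INSERT INTO users values (?,?,?,?,?)` still relies on column order, so the new `admin` value lands in the right column only while the `CREATE TABLE` order stays the same. Naming the columns makes the privilege flag explicit: `INSERT INTO users (username, password, active, admin) VALUES (?,?,?,?)` with `(username, password_crypt, 1, int(bool(admin)))`. The bare `except:` that follows is pre-existing and continues past the hunk, but it also hides why a user, now possibly an admin, was not created; logging the exception before `conn.rollback()` would make that visible.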
@@ -95,7 +117,7 @@
     
 if __name__ == "__main__":
     create_user_table()
-    create_user('marcink', 'qweqwe')
+    create_user('marcink', 'qweqwe', True)
     create_user('lukaszd', 'qweqwe')
     create_user('adriand', 'qweqwe')
     create_user('radek', 'qweqwe')
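Review bot: The seed block now grants admin to `marcink` with the literal password `'qweqwe'`, the same value every other seeded account uses, and that value is committed to the repository. Anyone who can read the source then knows the admin credential of any database created by running this module. The admin password should come from the operator at setup time, for example `create_user('marcink', getpass.getpass('admin password: '), True)` with `import getpass` at the top of the file, and the sample accounts should be kept out of production databases.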
@@ -103,6 +125,5 @@
     create_user('bart', 'qweqwe')
     create_user('maho', 'qweqwe')
     create_user('michalg', 'qweqwe')
-    create_user('admin', 'qwe123qwe')
     
     #authfunc('', 'marcink', 'qweqwe')