diff --git a/paramecio/cromosoma/usermodel.py b/paramecio/cromosoma/usermodel.py
index 550b638..a038a50 100644
--- a/paramecio/cromosoma/usermodel.py
+++ b/paramecio/cromosoma/usermodel.py
@@ -144,7 +144,7 @@ class UserModel(WebModel):
self.conditions=original_conditions
if error>0:
- self.sql_error+='Error:if is not expected, please, check that you disabled the special checkings of this model'
+ self.query_error+='Error:if is not expected, please, check that you disabled the special checkings of this model'
return False
return fields, values, update_values
diff --git a/paramecio/modules/admin/index.py b/paramecio/modules/admin/index.py
index 1c9d9dc..b03bcb2 100644
--- a/paramecio/modules/admin/index.py
+++ b/paramecio/modules/admin/index.py
@@ -221,7 +221,11 @@ def login():
if arr_user==False:
- return {'error': 1}
+ s=get_session()
+
+ s['csrf_token']=create_key_encrypt()
+
+ return {'error': 1, 'csrf_token': s['csrf_token']}
else:
num_tries=int(arr_user['num_tries'])
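Review bot: The three-line token rotation added here (`s=get_session()`, `s['csrf_token']=create_key_encrypt()`, return with `'csrf_token': s['csrf_token']`) is repeated verbatim twice more in login() (hunk at `@@ -280,9 +284,17 @@`) and again in register(), send_password() and check_code_token(), so a later change to how the token is generated or stored has to be made in six places. A small module-level helper that rotates the session token and returns it would let each error return become one line, `return {'error': 1, 'csrf_token': rotate_csrf_token()}`. create_key_encrypt() is not shown here; since its output is now used as the CSRF token, it should be backed by a CSPRNG (the `secrets` module) rather than `random`, which is worth confirming at its definition. login() starts and ends outside this hunk.
```python
def rotate_csrf_token():
    """Store a freshly generated CSRF token in the session and return it.

    Called on every failed POST so the form can be resubmitted with a token
    that matches the one now held server-side.
    """
    s = get_session()
    s['csrf_token'] = create_key_encrypt()
    return s['csrf_token']

# … in login(), unchanged except the error return:
    if arr_user==False:
        return {'error': 1, 'csrf_token': rotate_csrf_token()}
```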
@@ -280,9 +284,17 @@ def login():
user_admin.update({'num_tries': arr_user['num_tries']+1})
- return {'error': 1}
+ s=get_session()
+
+ s['csrf_token']=create_key_encrypt()
+
+ return {'error': 1, 'csrf_token': s['csrf_token']}
else:
- return {'error': 1}
+ s=get_session()
+
+ s['csrf_token']=create_key_encrypt()
+
+ return {'error': 1, 'csrf_token': s['csrf_token']}
@post('/'+config.admin_folder+'/register')
@@ -320,11 +332,17 @@ def register():
pass_values_to_form(getpostfiles.post, user_admin.forms, yes_error=True)
- error={'error': 1}
+ s=get_session()
+
+ s['csrf_token']=create_key_encrypt()
- for field in user_admin.fields.values():
+ error={'error': 1, 'csrf_token': s['csrf_token']}
+
+ for field in user_admin.valid_fields:
- error[field.name]=field.txt_error
+ error[field]=user_admin.forms[field].txt_error
+
+ error['repeat_password']=user_admin.forms['repeat_password'].txt_error
#error['password_repeat']=I18n.lang('common', 'password_no_match', 'Passwords doesn\'t match')
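Review bot: `error['repeat_password']=user_admin.forms['repeat_password'].txt_error` is assigned unconditionally after the loop, so if `'repeat_password'` is already in `user_admin.valid_fields` the value is written twice, and if it is absent from `user_admin.forms` this line raises KeyError and the client never receives the error dict at all; which of the two holds is not visible here. A guard such as `if 'repeat_password' in user_admin.forms and 'repeat_password' not in error:` would make the intent explicit. The loop now reads errors from `user_admin.forms[field]`, whereas send_password() in the `@@ -395,7 +413,11 @@` hunk still reads `user_admin.fields['email'].txt_error`; if forms and fields expose the same error text this is fine, otherwise the two responses drift apart. register() starts and ends outside this hunk.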
@@ -395,7 +413,11 @@ def send_password():
if user_admin.fields['email'].error:
- return {'email': user_admin.fields['email'].txt_error, 'error': 1}
+ s=get_session()
+
+ s['csrf_token']=create_key_encrypt()
+
+ return {'email': user_admin.fields['email'].txt_error, 'error': 1, 'csrf_token': s['csrf_token']}
else:
@@ -479,5 +501,9 @@ def check_code_token():
return {'token': 'Error: i cannot send mail', 'error': 1}
return {'token': 'Error: cannot send the maild with the new password', 'error': 0}
+
+ s=get_session()
- return {'token': 'Error: token is not valid', 'error': 1}
+ s['csrf_token']=create_key_encrypt()
+
+ return {'token': 'Error: token is not valid', 'error': 1, 'csrf_token': s['csrf_token']}
diff --git a/paramecio/modules/admin/templates/admin/check_token.phtml b/paramecio/modules/admin/templates/admin/check_token.phtml
index 6d20f01..c915e8f 100644
--- a/paramecio/modules/admin/templates/admin/check_token.phtml
+++ b/paramecio/modules/admin/templates/admin/check_token.phtml
@@ -36,6 +36,8 @@
{
//alert(JSON.stringify(data));
//$('#result_register').html('Error');
+ $('#csrf_token').attr('value', data.csrf_token);
+
$('#token_error').html(data.token);
$('#loading').hide();
$('#result_register').html('');
@@ -64,6 +66,7 @@
+ ${csrf_token()|n}
diff --git a/paramecio/modules/admin/templates/admin/login.phtml b/paramecio/modules/admin/templates/admin/login.phtml
index 1ef57e9..36d96e4 100644
--- a/paramecio/modules/admin/templates/admin/login.phtml
+++ b/paramecio/modules/admin/templates/admin/login.phtml
@@ -17,11 +17,13 @@
$('#loading').show();
- data_form={'username': $('#username_form').val(), 'password': $('#password_form').val(), 'csrf_token': $('#csrf_token').val()};
+ //alert($("input[id=csrf_token]").val());
+
+ data_form={'username': $('#username_form').val(), 'password': $('#password_form').val(), 'csrf_token': $("input[id=csrf_token]").val()};
if($('#remember_login:checked').val())
{
- alert('pepe');
+
data_form.remember_login=$('#remember_login').val();
}
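Review bot: The added `//alert($("input[id=csrf_token]").val());` is leftover debug code and should be dropped along with the blank line after it. The new selector `$("input[id=csrf_token]")` matches the same element as the previous `$('#csrf_token')` unless the page contains duplicate ids, so if the change was deliberate (for example, tied to the Firefox behaviour described in the next hunk) a one-line comment saying so would be clearer than the commented-out alert; otherwise reverting to `$('#csrf_token').val()` keeps it consistent with the other templates.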
@@ -40,6 +42,12 @@
}
else
{
+
+ //$('#csrf_token').val(data.csrf_token);
+
+ // Firefox have a horrible and stupid bug and you need attr for set de new csrf_token
+
+ $('#csrf_token').attr('value', data.csrf_token);
$('#loading').hide('slow');
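Review bot: The comment `// Firefox have a horrible and stupid bug and you need attr for set de new csrf_token` does not tell the next reader what was actually observed, and the commented-out `//$('#csrf_token').val(data.csrf_token);` above it should be removed rather than kept as history. A neutral note such as `// Set the value attribute, not just the property: after .val() the refreshed token was not sent on resubmit in Firefox (observed in testing)` records the same workaround without guessing at the cause. The identical `.attr('value', data.csrf_token)` pattern appears without explanation in check_token.phtml, recovery.phtml and register.phtml; a shared `setCsrfToken(token)` helper carrying that one comment would keep the four templates in step.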
diff --git a/paramecio/modules/admin/templates/admin/recovery.phtml b/paramecio/modules/admin/templates/admin/recovery.phtml
index 1d6027d..a85b9f4 100644
--- a/paramecio/modules/admin/templates/admin/recovery.phtml
+++ b/paramecio/modules/admin/templates/admin/recovery.phtml
@@ -20,7 +20,7 @@
if(data.error==0)
{
-
+
$('#result_register').html('Redirecting to recovery password zone');
setTimeout(function () {
@@ -36,8 +36,11 @@
{
//alert(JSON.stringify(data));
//$('#result_register').html('Error');
+ $('#csrf_token').attr('value', data.csrf_token);
$('#email_error').html(data.email);
+ $('#loading').hide();
+
}
});
diff --git a/paramecio/modules/admin/templates/admin/register.phtml b/paramecio/modules/admin/templates/admin/register.phtml
index 05d7a63..d4abc03 100644
--- a/paramecio/modules/admin/templates/admin/register.phtml
+++ b/paramecio/modules/admin/templates/admin/register.phtml
@@ -5,6 +5,8 @@
$("#register_submit").click( function () {
+ $('#loading').show();
+
$.ajax({
url: "${make_url('admin/register')}",
method: "POST",
@@ -18,8 +20,7 @@
{
//$('#result_register').html('Done!. Redirecting...');
- $('#loading').show();
-
+ $('#loading').hide();
window.location.href="${make_url('admin/login')}";
}
@@ -27,6 +28,11 @@
{
//alert(JSON.stringify(data));
//$('#result_register').html('Error');
+
+ $('#loading').hide();
+
+ $('#csrf_token').attr('value', data.csrf_token);
+
$('#username_error').html(data.username);
$('#email_error').html(data.email);
$('#password_error').html(data.password);
diff --git a/paramecio/settings/config.py.sample b/paramecio/settings/config.py.sample
index 33b0f49..b270d2e 100644
--- a/paramecio/settings/config.py.sample
+++ b/paramecio/settings/config.py.sample
@@ -54,6 +54,7 @@ cookie_name = 'paramecio.session'
key_encrypt="im smoking fool"
+"""
session_opts = {
#'session.domain': 'domain.com',
'session.cookie_expires': True,
@@ -63,15 +64,18 @@ session_opts = {
'session.key': cookie_name,
'session.validate_key': key_encrypt
}
-
"""
+
session_opts = {
+
+ 'session.key': cookie_name,
'session.type': 'file',
'session.data_dir': './sessions',
- 'session.auto': true
+ 'session.auto': True,
+ 'session.secret': key_encrypt,
}
-"""
+
cache_session_opts = {
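Review bot: The new `'session.secret': key_encrypt` line wires the sample value `key_encrypt="im smoking fool"` (unchanged context above) into session signing, so any deployment that copies the sample without editing it signs its sessions with a publicly known string. The sample should make the placeholder unmistakable and say how to replace it, e.g. `key_encrypt = "CHANGE_ME"  # replace with a long random value, e.g. python -c "import secrets; print(secrets.token_hex(32))"`. The `"""` added before the old `session_opts` block turns it into a bare string expression rather than removing it; deleting the old block outright would be cleaner than commenting it out. `'session.data_dir': './sessions'` is resolved against the working directory at startup, which may be worth a comment if the service is not always launched from the same place.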