From 02d6666ee66c7f9804f01e1baab6bea31c5f11f4 Mon Sep 17 00:00:00 2001 From: Antonio de la Rosa Date: Fri, 24 Jun 2016 04:40:38 +0200 Subject: [PATCH] Fixes in login for the token --- paramecio/cromosoma/usermodel.py | 2 +- paramecio/modules/admin/index.py | 42 +++++++++++++++---- .../admin/templates/admin/check_token.phtml | 3 ++ .../modules/admin/templates/admin/login.phtml | 12 +++++- .../admin/templates/admin/recovery.phtml | 5 ++- .../admin/templates/admin/register.phtml | 10 ++++- paramecio/settings/config.py.sample | 10 +++-- 7 files changed, 67 insertions(+), 17 deletions(-) diff --git a/paramecio/cromosoma/usermodel.py b/paramecio/cromosoma/usermodel.py index 550b638..a038a50 100644 --- a/paramecio/cromosoma/usermodel.py +++ b/paramecio/cromosoma/usermodel.py @@ -144,7 +144,7 @@ class UserModel(WebModel): self.conditions=original_conditions if error>0: - self.sql_error+='Error:if is not expected, please, check that you disabled the special checkings of this model' + self.query_error+='Error:if is not expected, please, check that you disabled the special checkings of this model' return False return fields, values, update_values diff --git a/paramecio/modules/admin/index.py b/paramecio/modules/admin/index.py index 1c9d9dc..b03bcb2 100644 --- a/paramecio/modules/admin/index.py +++ b/paramecio/modules/admin/index.py @@ -221,7 +221,11 @@ def login(): if arr_user==False: - return {'error': 1} + s=get_session() + + s['csrf_token']=create_key_encrypt() + + return {'error': 1, 'csrf_token': s['csrf_token']} else: num_tries=int(arr_user['num_tries']) @@ -280,9 +284,17 @@ def login(): user_admin.update({'num_tries': arr_user['num_tries']+1}) - return {'error': 1} + s=get_session() + + s['csrf_token']=create_key_encrypt() + + return {'error': 1, 'csrf_token': s['csrf_token']} else: - return {'error': 1} + s=get_session() + + s['csrf_token']=create_key_encrypt() + + return {'error': 1, 'csrf_token': s['csrf_token']} @post('/'+config.admin_folder+'/register') 
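Review bot: The three failure returns in login() — the `if arr_user==False:` branch here and the two in the following hunk — now repeat the same statements (get_session, rotate csrf_token, build the dict), which is the kind of duplication that drifts; one helper that rotates the token and returns the response keeps every failure path identical. The hunk also starts using create_key_encrypt() as an anti-CSRF token; its name suggests a key-derivation helper, so confirm it draws from a CSPRNG (e.g. secrets.token_urlsafe) and that the server-side comparison against the submitted token is constant-time — neither is visible here. login()'s body begins before and continues after this hunk.
```python
def _csrf_error(**extra):
    """Rotate the session CSRF token and build a failure response that carries it."""
    s = get_session()
    s['csrf_token'] = create_key_encrypt()
    return dict(extra, error=1, csrf_token=s['csrf_token'])

# … unchanged: user lookup …
if arr_user==False:
    return _csrf_error()
```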
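Review bot: `user_admin.update({'num_tries': arr_user['num_tries']+1})` writes back a counter that was read earlier in login() (`num_tries=int(arr_user['num_tries'])`), so two concurrent failed attempts against the same account can both store the same value and one increment is lost, weakening whatever lockout this counter drives. If the model allows it, express the increment in the query itself (`num_tries = num_tries + 1`) or re-read the row inside the update; the lockout comparison is outside this hunk. Rotating csrf_token on failure is fine, but the success branch (not shown) is where session fixation matters — it should regenerate the session id rather than keep the pre-authentication one.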
@@ -320,11 +332,17 @@ def register(): pass_values_to_form(getpostfiles.post, user_admin.forms, yes_error=True) - error={'error': 1} + s=get_session() + + s['csrf_token']=create_key_encrypt() - for field in user_admin.fields.values(): + error={'error': 1, 'csrf_token': s['csrf_token']} + + for field in user_admin.valid_fields: - error[field.name]=field.txt_error + error[field]=user_admin.forms[field].txt_error + + error['repeat_password']=user_admin.forms['repeat_password'].txt_error #error['password_repeat']=I18n.lang('common', 'password_no_match', 'Passwords doesn\'t match') @@ -395,7 +413,11 @@ def send_password(): if user_admin.fields['email'].error: - return {'email': user_admin.fields['email'].txt_error, 'error': 1} + s=get_session() + + s['csrf_token']=create_key_encrypt() + + return {'email': user_admin.fields['email'].txt_error, 'error': 1, 'csrf_token': s['csrf_token']} else: @@ -479,5 +501,9 @@ def check_code_token(): return {'token': 'Error: i cannot send mail', 'error': 1} return {'token': 'Error: cannot send the maild with the new password', 'error': 0} + + s=get_session() - return {'token': 'Error: token is not valid', 'error': 1} + s['csrf_token']=create_key_encrypt() + + return {'token': 'Error: token is not valid', 'error': 1, 'csrf_token': s['csrf_token']} diff --git a/paramecio/modules/admin/templates/admin/check_token.phtml b/paramecio/modules/admin/templates/admin/check_token.phtml index 6d20f01..c915e8f 100644 --- a/paramecio/modules/admin/templates/admin/check_token.phtml +++ b/paramecio/modules/admin/templates/admin/check_token.phtml @@ -36,6 +36,8 @@ { //alert(JSON.stringify(data)); //$('#result_register').html('Error'); + $('#csrf_token').attr('value', data.csrf_token); + $('#token_error').html(data.token); $('#loading').hide(); $('#result_register').html(''); @@ -64,6 +66,7 @@
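Review bot: The loop `for field in user_admin.valid_fields: error[field]=user_admin.forms[field].txt_error` writes into the dict that already holds `error` and `csrf_token`, so a model field with either name would silently overwrite the status flag or the freshly rotated token; whether valid_fields can contain such a name isn't visible here. Build the field messages first and let the status keys win: `error = {f: user_admin.forms[f].txt_error for f in user_admin.valid_fields}` followed by `error.update(repeat_password=user_admin.forms['repeat_password'].txt_error, error=1, csrf_token=s['csrf_token'])`. register()'s body continues outside the hunk.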
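Review bot: `return {'email': user_admin.fields['email'].txt_error, 'error': 1, ...}` echoes the email field's validation message from a password-recovery endpoint; if that message ever distinguishes "address not registered" from "malformed address", the endpoint becomes an account-enumeration oracle. Confirm the validator only reports format problems, or answer both outcomes with one fixed message such as `'If this address is registered, a recovery mail has been sent'`. The lookup and the rest of send_password() are outside this hunk.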
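Review bot: The context line `return {'token': 'Error: cannot send the maild with the new password', 'error': 0}` pairs an error message with `'error': 0`, which recovery.phtml treats as success (`if(data.error==0)` redirects), so either the text or the flag looks wrong, and the "maild" typo suggests the branch was never exercised. If it is a real failure path it should return `'error': 1` and carry the rotated csrf_token like the other failure returns this commit adds; if it is the success path the message should say so. check_code_token() starts outside the hunk, so I cannot see which branch produces it.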
+ ${csrf_token()|n}
diff --git a/paramecio/modules/admin/templates/admin/login.phtml b/paramecio/modules/admin/templates/admin/login.phtml index 1ef57e9..36d96e4 100644 --- a/paramecio/modules/admin/templates/admin/login.phtml +++ b/paramecio/modules/admin/templates/admin/login.phtml @@ -17,11 +17,13 @@ $('#loading').show(); - data_form={'username': $('#username_form').val(), 'password': $('#password_form').val(), 'csrf_token': $('#csrf_token').val()}; + //alert($("input[id=csrf_token]").val()); + + data_form={'username': $('#username_form').val(), 'password': $('#password_form').val(), 'csrf_token': $("input[id=csrf_token]").val()}; if($('#remember_login:checked').val()) { - alert('pepe'); + data_form.remember_login=$('#remember_login').val(); } @@ -40,6 +42,12 @@ } else { + + //$('#csrf_token').val(data.csrf_token); + + // Firefox have a horrible and stupid bug and you need attr for set de new csrf_token + + $('#csrf_token').attr('value', data.csrf_token); $('#loading').hide('slow'); diff --git a/paramecio/modules/admin/templates/admin/recovery.phtml b/paramecio/modules/admin/templates/admin/recovery.phtml index 1d6027d..a85b9f4 100644 --- a/paramecio/modules/admin/templates/admin/recovery.phtml +++ b/paramecio/modules/admin/templates/admin/recovery.phtml @@ -20,7 +20,7 @@ if(data.error==0) { - + $('#result_register').html('Redirecting to recovery password zone'); setTimeout(function () { @@ -36,8 +36,11 @@ { //alert(JSON.stringify(data)); //$('#result_register').html('Error'); + $('#csrf_token').attr('value', data.csrf_token); $('#email_error').html(data.email); + $('#loading').hide(); + } }); diff --git a/paramecio/modules/admin/templates/admin/register.phtml b/paramecio/modules/admin/templates/admin/register.phtml index 05d7a63..d4abc03 100644 --- a/paramecio/modules/admin/templates/admin/register.phtml +++ b/paramecio/modules/admin/templates/admin/register.phtml 
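Review bot: The submit handler now reads the token with `$("input[id=csrf_token]").val()` while the failure handler in the next hunk writes it with `$('#csrf_token').attr('value', …)`; the attribute selector only behaves differently from `#csrf_token` when more than one element carries that id, which is invalid HTML and would mean the `#`-based write updates only the first match while a stale token is still submitted. If `${csrf_token()|n}` renders a hidden input and the page has another element with that id, give the input a unique id (or select by name inside the form, e.g. `$('#login_form input[name=csrf_token]')`) and use the same selector for both read and write. The leftover `//alert($("input[id=csrf_token]").val());` debug line should be dropped.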
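Review bot: The comment `// Firefox have a horrible and stupid bug and you need attr for set de new csrf_token` misattributes the behaviour: `.val()` sets the element's current value property, `.attr('value', …)` sets the default-value attribute, and the two diverge once a form is reset or the browser restores form state — standard attribute-vs-property semantics rather than a Firefox bug. Replace it with `// Set the value attribute, not just the property, so the rotated token survives form reset / browser form restore` and delete the commented-out `//$('#csrf_token').val(data.csrf_token);` line.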
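Review bot: `$('#email_error').html(data.email)` renders a server-supplied validation message as HTML; if the field's txt_error ever reflects the submitted address (not visible here), this is a DOM XSS sink. The messages shown in this diff are plain strings, so `$('#email_error').text(data.email);` loses nothing and closes the sink.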
@@ -5,6 +5,8 @@ $("#register_submit").click( function () { + $('#loading').show(); + $.ajax({ url: "${make_url('admin/register')}", method: "POST", @@ -18,8 +20,7 @@ { //$('#result_register').html('Done!. Redirecting...'); - $('#loading').show(); - + $('#loading').hide(); window.location.href="${make_url('admin/login')}"; } @@ -27,6 +28,11 @@ { //alert(JSON.stringify(data)); //$('#result_register').html('Error'); + + $('#loading').hide(); + + $('#csrf_token').attr('value', data.csrf_token); + $('#username_error').html(data.username); $('#email_error').html(data.email); $('#password_error').html(data.password); diff --git a/paramecio/settings/config.py.sample b/paramecio/settings/config.py.sample index 33b0f49..b270d2e 100644 --- a/paramecio/settings/config.py.sample +++ b/paramecio/settings/config.py.sample @@ -54,6 +54,7 @@ cookie_name = 'paramecio.session' key_encrypt="im smoking fool" +""" session_opts = { #'session.domain': 'domain.com', 'session.cookie_expires': True, @@ -63,15 +64,18 @@ session_opts = { 'session.key': cookie_name, 'session.validate_key': key_encrypt } - """ + session_opts = { + + 'session.key': cookie_name, 'session.type': 'file', 'session.data_dir': './sessions', - 'session.auto': true + 'session.auto': True, + 'session.secret': key_encrypt, } -""" + cache_session_opts = {
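Review bot: `$('#username_error').html(data.username)`, `$('#email_error').html(data.email)` and `$('#password_error').html(data.password)` insert server-side validation messages as HTML; if any txt_error echoes the submitted value (the server side of this commit builds them per field, so that is plausible but not shown), a crafted registration attempt becomes DOM XSS against the user's own page. Switch the three calls to `.text(...)` — the messages are plain strings, so nothing is lost.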
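Review bot: The new `session_opts` block sets only key, type, data_dir, auto and secret; the `'session.cookie_expires': True` from the block that is now commented out is gone, and nothing sets `'session.httponly': True` or `'session.secure': True`, so unless the session library defaults to them the cookie is readable from script and sent over plain HTTP (these option names look like Beaker's — confirm against its defaults). Add `'session.httponly': True, 'session.secure': True, 'session.timeout': 3600,` or the library's equivalents. `'session.data_dir': './sessions'` resolves against the process working directory rather than the project, and `key_encrypt="im smoking fool"` is now the session signing secret — acceptable in a .sample only with a comment saying it must be replaced by a long random value per deployment.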