Fixes in login for the token

This commit is contained in:
Antonio de la Rosa 2016-06-24 04:40:38 +02:00
parent 8793f67b29
commit 02d6666ee6
7 changed files with 67 additions and 17 deletions


@ -144,7 +144,7 @@ class UserModel(WebModel):
self.conditions=original_conditions self.conditions=original_conditions
if error>0: if error>0:
self.sql_error+='Error:if is not expected, please, check that you disabled the special checkings of this model' self.query_error+='Error:if is not expected, please, check that you disabled the special checkings of this model'
return False return False
return fields, values, update_values return fields, values, update_values


@ -221,7 +221,11 @@ def login():
if arr_user==False: if arr_user==False:
return {'error': 1} s=get_session()
s['csrf_token']=create_key_encrypt()
return {'error': 1, 'csrf_token': s['csrf_token']}
else: else:
num_tries=int(arr_user['num_tries']) num_tries=int(arr_user['num_tries'])
@ -280,9 +284,17 @@ def login():
user_admin.update({'num_tries': arr_user['num_tries']+1}) user_admin.update({'num_tries': arr_user['num_tries']+1})
return {'error': 1} s=get_session()
s['csrf_token']=create_key_encrypt()
return {'error': 1, 'csrf_token': s['csrf_token']}
else: else:
return {'error': 1} s=get_session()
s['csrf_token']=create_key_encrypt()
return {'error': 1, 'csrf_token': s['csrf_token']}
@post('/'+config.admin_folder+'/register') @post('/'+config.admin_folder+'/register')
@ -320,11 +332,17 @@ def register():
pass_values_to_form(getpostfiles.post, user_admin.forms, yes_error=True) pass_values_to_form(getpostfiles.post, user_admin.forms, yes_error=True)
error={'error': 1} s=get_session()
s['csrf_token']=create_key_encrypt()
for field in user_admin.fields.values(): error={'error': 1, 'csrf_token': s['csrf_token']}
for field in user_admin.valid_fields:
error[field.name]=field.txt_error error[field]=user_admin.forms[field].txt_error
error['repeat_password']=user_admin.forms['repeat_password'].txt_error
#error['password_repeat']=I18n.lang('common', 'password_no_match', 'Passwords doesn\'t match') #error['password_repeat']=I18n.lang('common', 'password_no_match', 'Passwords doesn\'t match')
@ -395,7 +413,11 @@ def send_password():
if user_admin.fields['email'].error: if user_admin.fields['email'].error:
return {'email': user_admin.fields['email'].txt_error, 'error': 1} s=get_session()
s['csrf_token']=create_key_encrypt()
return {'email': user_admin.fields['email'].txt_error, 'error': 1, 'csrf_token': s['csrf_token']}
else: else:
@ -479,5 +501,9 @@ def check_code_token():
return {'token': 'Error: i cannot send mail', 'error': 1} return {'token': 'Error: i cannot send mail', 'error': 1}
return {'token': 'Error: cannot send the maild with the new password', 'error': 0} return {'token': 'Error: cannot send the maild with the new password', 'error': 0}
s=get_session()
return {'token': 'Error: token is not valid', 'error': 1} s['csrf_token']=create_key_encrypt()
return {'token': 'Error: token is not valid', 'error': 1, 'csrf_token': s['csrf_token']}
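Review bot: The same three lines — fetch the session, store a fresh `csrf_token`, echo it in the error payload — are repeated in every error branch of `login()`, `register()`, `send_password()` and `check_code_token()`, and the one error return the commit left alone (`return {'token': 'Error: i cannot send mail', 'error': 1}`) now differs from its siblings by carrying no token at all, which the client-side handlers that read `data.csrf_token` will not expect. A module-level helper that builds the error payload keeps the rotation in one place and makes that omission impossible; the functions' headers are outside these hunks, so it has to sit beside them rather than inside. The rotated value is only as unpredictable as `create_key_encrypt()`, which is not visible here, so it is worth confirming that function draws from a CSPRNG (`secrets`-grade) source.
```python
def csrf_error(**payload):
    """Build an error payload that also carries a newly rotated CSRF token.

    Writes the token to the session and returns ``payload`` with
    ``csrf_token`` added and ``error`` defaulting to 1.
    """
    s = get_session()
    s['csrf_token'] = create_key_encrypt()
    payload.setdefault('error', 1)
    payload['csrf_token'] = s['csrf_token']
    return payload

# … in login(), replacing each rotate-and-return block …
if arr_user==False:
    return csrf_error()

# … in check_code_token(), the branch the commit did not touch …
return csrf_error(token='Error: i cannot send mail')
```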


@ -36,6 +36,8 @@
{ {
//alert(JSON.stringify(data)); //alert(JSON.stringify(data));
//$('#result_register').html('Error'); //$('#result_register').html('Error');
$('#csrf_token').attr('value', data.csrf_token);
$('#token_error').html(data.token); $('#token_error').html(data.token);
$('#loading').hide(); $('#loading').hide();
$('#result_register').html(''); $('#result_register').html('');
@ -64,6 +66,7 @@
<div class="form"> <div class="form">
<label>Put your email code</label> <label>Put your email code</label>
<input type="text" name="token" value="" id="token_form"/> <input type="text" name="token" value="" id="token_form"/>
${csrf_token()|n}
<span class="error" id="token_error"></span> <span class="error" id="token_error"></span>
</div> </div>
<div id="result_register" class="form"></div> <div id="result_register" class="form"></div>
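Review bot: `$('#csrf_token').attr('value', data.csrf_token)` at the top of the error handler assumes every error response carries a token, but the `check_code_token()` path in this same commit that returns `{'token': 'Error: i cannot send mail', 'error': 1}` sends none, so `data.csrf_token` is `undefined` there. Guard it with `if (data.csrf_token) { $('#csrf_token').attr('value', data.csrf_token); }` so the form keeps the token it already has instead of depending on how jQuery treats an undefined value. The selector also presumes the markup emitted by `${csrf_token()|n}` carries `id="csrf_token"`, which this hunk does not show. `$('#token_error').html(data.token)` writes a server message into the DOM as HTML; the messages are plain text, so `.text()` is the safer sink, and the same applies to `$('#email_error').html(data.email)` in the send_password template and the `username`/`email`/`password` error lines in the register template.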


@ -17,11 +17,13 @@
$('#loading').show(); $('#loading').show();
data_form={'username': $('#username_form').val(), 'password': $('#password_form').val(), 'csrf_token': $('#csrf_token').val()}; //alert($("input[id=csrf_token]").val());
data_form={'username': $('#username_form').val(), 'password': $('#password_form').val(), 'csrf_token': $("input[id=csrf_token]").val()};
if($('#remember_login:checked').val()) if($('#remember_login:checked').val())
{ {
alert('pepe');
data_form.remember_login=$('#remember_login').val(); data_form.remember_login=$('#remember_login').val();
} }
@ -40,6 +42,12 @@
} }
else else
{ {
//$('#csrf_token').val(data.csrf_token);
// Firefox have a horrible and stupid bug and you need attr for set de new csrf_token
$('#csrf_token').attr('value', data.csrf_token);
$('#loading').hide('slow'); $('#loading').hide('slow');
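Review bot: `alert('pepe');` inside the `remember_login` branch is a debugging leftover that will pop a dialog on every remembered login; remove it, along with the commented-out `//alert($("input[id=csrf_token]").val());` and `//$('#csrf_token').val(data.csrf_token);` lines, keeping only the one-line comment that explains why `.attr('value', …)` is used instead of `.val()`. Reading the token through `$("input[id=csrf_token]")` while writing it back through `$('#csrf_token')` is inconsistent; if both resolve to the same element, use one selector for both so a future markup change cannot break only half of the round trip.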


@ -20,7 +20,7 @@
if(data.error==0) if(data.error==0)
{ {
$('#result_register').html('Redirecting to recovery password zone'); $('#result_register').html('Redirecting to recovery password zone');
setTimeout(function () { setTimeout(function () {
@ -36,8 +36,11 @@
{ {
//alert(JSON.stringify(data)); //alert(JSON.stringify(data));
//$('#result_register').html('Error'); //$('#result_register').html('Error');
$('#csrf_token').attr('value', data.csrf_token);
$('#email_error').html(data.email); $('#email_error').html(data.email);
$('#loading').hide();
} }
}); });


@ -5,6 +5,8 @@
$("#register_submit").click( function () { $("#register_submit").click( function () {
$('#loading').show();
$.ajax({ $.ajax({
url: "${make_url('admin/register')}", url: "${make_url('admin/register')}",
method: "POST", method: "POST",
@ -18,8 +20,7 @@
{ {
//$('#result_register').html('Done!. Redirecting...'); //$('#result_register').html('Done!. Redirecting...');
$('#loading').show(); $('#loading').hide();
window.location.href="${make_url('admin/login')}"; window.location.href="${make_url('admin/login')}";
} }
@ -27,6 +28,11 @@
{ {
//alert(JSON.stringify(data)); //alert(JSON.stringify(data));
//$('#result_register').html('Error'); //$('#result_register').html('Error');
$('#loading').hide();
$('#csrf_token').attr('value', data.csrf_token);
$('#username_error').html(data.username); $('#username_error').html(data.username);
$('#email_error').html(data.email); $('#email_error').html(data.email);
$('#password_error').html(data.password); $('#password_error').html(data.password);


@ -54,6 +54,7 @@ cookie_name = 'paramecio.session'
key_encrypt="im smoking fool" key_encrypt="im smoking fool"
"""
session_opts = { session_opts = {
#'session.domain': 'domain.com', #'session.domain': 'domain.com',
'session.cookie_expires': True, 'session.cookie_expires': True,
@ -63,15 +64,18 @@ session_opts = {
'session.key': cookie_name, 'session.key': cookie_name,
'session.validate_key': key_encrypt 'session.validate_key': key_encrypt
} }
""" """
session_opts = { session_opts = {
'session.key': cookie_name,
'session.type': 'file', 'session.type': 'file',
'session.data_dir': './sessions', 'session.data_dir': './sessions',
'session.auto': true 'session.auto': True,
'session.secret': key_encrypt,
} }
"""
cache_session_opts = { cache_session_opts = {
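Review bot: `'session.secret': key_encrypt` ties the session layer's secret to the literal `key_encrypt="im smoking fool"` a few lines above, so the value that protects every session — and, with this commit, the CSRF tokens stored in it — is committed to the repository and identical in every deployment of this file. Read it from the environment or an untracked local config instead, e.g. `key_encrypt = os.environ['PARAMECIO_SESSION_SECRET']` (name is an example), and generate the deployed value with `secrets.token_hex(32)`. `'session.data_dir': './sessions'` is relative to the process's working directory, so session files land wherever the app is started from; an absolute path under a directory with restrictive permissions is safer. The `"""` lines toggling between the two `session_opts` blocks are hard to follow in the rendered view; deleting the superseded block rather than string-quoting it would make it unambiguous which configuration is live.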