Fixes
This commit is contained in:
parent
ed23a19044
commit
c42128b4a7
6 changed files with 93 additions and 29 deletions
|
|
@ -3,7 +3,7 @@
|
||||||
from paramecio.libraries.db import corefields
|
from paramecio.libraries.db import corefields
|
||||||
from paramecio.libraries.db.coreforms import PasswordForm
|
from paramecio.libraries.db.coreforms import PasswordForm
|
||||||
from paramecio.libraries.i18n import I18n
|
from paramecio.libraries.i18n import I18n
|
||||||
from paramecio.libraries.sessions import get_session
|
from paramecio.libraries.sessionplugin import get_session
|
||||||
from paramecio.libraries.keyutils import create_key_encrypt
|
from paramecio.libraries.keyutils import create_key_encrypt
|
||||||
from bottle import request
|
from bottle import request
|
||||||
|
|
||||||
|
|
@ -123,9 +123,9 @@ def csrf_token(token_id='csrf_token'):
|
||||||
|
|
||||||
s=get_session()
|
s=get_session()
|
||||||
|
|
||||||
if not 'csrf_token' in s:
|
#if not 'csrf_token' in s:
|
||||||
s['csrf_token']=create_key_encrypt()
|
s['csrf_token']=create_key_encrypt()
|
||||||
s.save()
|
#s.save()
|
||||||
|
|
||||||
return '<input type="hidden" name="csrf_token" class="csrf_token" id="'+token_id+'" value="'+s['csrf_token']+'" />'
|
return '<input type="hidden" name="csrf_token" class="csrf_token" id="'+token_id+'" value="'+s['csrf_token']+'" />'
|
||||||
|
|
||||||
|
|
@ -135,7 +135,7 @@ def generate_csrf():
|
||||||
|
|
||||||
if not 'csrf_token' in s:
|
if not 'csrf_token' in s:
|
||||||
s['csrf_token']=create_key_encrypt()
|
s['csrf_token']=create_key_encrypt()
|
||||||
s.save()
|
#s.save()
|
||||||
|
|
||||||
return s['csrf_token']
|
return s['csrf_token']
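Review bot: In the `csrf_token` hunk the guard `if not 'csrf_token' in s:` is commented out while `s['csrf_token']=create_key_encrypt()` stays, so (if that assignment was dedented — indentation is not visible on this page; if it was not, the file no longer parses) every call now overwrites the session token, and a page that renders more than one form ends up with hidden inputs that no longer match the session's final value; `generate_csrf` in the next hunk keeps its guard, so the two helpers also disagree. Restoring the guard as `if 'csrf_token' not in s:` over the assignment keeps one token per session. Dropping `s.save()` is only safe if the object returned by `get_session` persists writes on its own; the `get_session` added in this commit falls back to a plain `{}` when no session is in the environ, in which case the token is silently lost. The unchanged return line also concatenates `token_id` into the markup unescaped, so callers must keep it to a static identifier.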
|
||||||
|
|
||||||
|
|
|
||||||
44
paramecio/libraries/db/simplequery.py
Normal file
44
paramecio/libraries/db/simplequery.py
Normal file
|
|
@ -0,0 +1,44 @@
|
||||||
|
|
||||||
|
# A more simple set for make queries
|
||||||
|
|
||||||
|
def insert(model, db, dict_values):
|
||||||
|
|
||||||
|
final_values={}
|
||||||
|
|
||||||
|
for k in model.fields.keys():
|
||||||
|
final_values[k]=model.fields[k].check(dict_values.get(k, ''))
|
||||||
|
|
||||||
|
del final_values[model.name_field_id]
|
||||||
|
|
||||||
|
str_fields="`"+"`, `".join(final_values.keys())+"`"
|
||||||
|
|
||||||
|
str_query='insert into {} ({}) VALUES ({})'.format(model.name, str_fields, ", ".join(['%s']*len(final_values)))
|
||||||
|
|
||||||
|
success=False
|
||||||
|
|
||||||
|
with db.query(str_query, list(final_values.values())) as cursor:
|
||||||
|
|
||||||
|
if cursor.rowcount>0:
|
||||||
|
|
||||||
|
model.last_id=cursor.lastrowid
|
||||||
|
success=True
|
||||||
|
|
||||||
|
return success
|
||||||
|
|
||||||
|
|
||||||
|
def select(model, db, dict_fields=[], where_sql='', limit='', dict_values=[]):
|
||||||
|
|
||||||
|
if len(dict_fields)==0:
|
||||||
|
dict_fields=['`'+field+'`' for field in model.fields.keys()]
|
||||||
|
|
||||||
|
str_fields=", ".join(dict_fields)
|
||||||
|
|
||||||
|
str_query='select {} from {} {} limit 1'.format(str_fields, model.name, where_sql)
|
||||||
|
|
||||||
|
arr_result=[]
|
||||||
|
|
||||||
|
with db.query(str_query, dict_values) as cursor:
|
||||||
|
|
||||||
|
arr_result=cursor.fetchall()
|
||||||
|
|
||||||
|
return arr_result
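Review bot: `select` accepts a `limit` parameter but never uses it, the query hard-codes `limit 1`, and both `dict_fields=[]` and `dict_values=[]` are mutable defaults; neither function has a docstring, and `where_sql` is interpolated verbatim into the statement via `format`, so the contract that it must be trusted SQL text and that every user-supplied value goes through the `dict_values` placeholders is nowhere stated. Below is the signature and query construction with the `limit` parameter applied (default keeps today's `limit 1`) and the `None` defaults normalised; add a docstring to each function stating that table and column names come from the model (backtick-quoted, not escaped) and that `where_sql` is never built from request data. In `insert`, `del final_values[model.name_field_id]` raises `KeyError` when the id field is not among `model.fields`; `final_values.pop(model.name_field_id, None)` would tolerate that, if intended.
```python
def select(model, db, dict_fields=None, where_sql='', limit='limit 1', dict_values=None):
    """Fetch rows from model.name; where_sql is trusted SQL, values go in dict_values."""
    if not dict_fields:
        dict_fields=['`'+field+'`' for field in model.fields.keys()]
    if dict_values is None:
        dict_values=[]
    str_fields=", ".join(dict_fields)
    str_query='select {} from {} {} {}'.format(str_fields, model.name, where_sql, limit)
    # … unchanged: cursor fetchall and return …
```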
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
import json, re
|
import json, re
|
||||||
from bottle import request, response
|
from bottle import request, response
|
||||||
from paramecio.libraries.sessions import get_session
|
from paramecio.libraries.sessionplugin import get_session
|
||||||
from paramecio.libraries.keyutils import create_key_encrypt
|
from paramecio.libraries.keyutils import create_key_encrypt
|
||||||
from bottle import HTTPResponse
|
from bottle import HTTPResponse
|
||||||
|
|
||||||
|
|
@ -100,7 +100,7 @@ class GetPostFiles:
|
||||||
self.post[post]=self.post.get(post, '')
|
self.post[post]=self.post.get(post, '')
|
||||||
|
|
||||||
s=get_session()
|
s=get_session()
|
||||||
|
#print('s', s)
|
||||||
if ignore_csrf_token==False and no_csrf==False:
|
if ignore_csrf_token==False and no_csrf==False:
|
||||||
|
|
||||||
if 'csrf_token' in s:
|
if 'csrf_token' in s:
|
||||||
|
|
@ -113,7 +113,7 @@ class GetPostFiles:
|
||||||
|
|
||||||
del s['csrf_token']
|
del s['csrf_token']
|
||||||
|
|
||||||
s.save()
|
#s.save()
|
||||||
|
|
||||||
#raise NameError('Error: you need a valid csrf_token')
|
#raise NameError('Error: you need a valid csrf_token')
|
||||||
raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'token_invalid': 1}), status=200, headers={'Content-type': 'application/json'})
|
raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'token_invalid': 1}), status=200, headers={'Content-type': 'application/json'})
|
||||||
|
|
@ -124,7 +124,7 @@ class GetPostFiles:
|
||||||
|
|
||||||
del s['csrf_token']
|
del s['csrf_token']
|
||||||
|
|
||||||
s.save()
|
#s.save()
|
||||||
|
|
||||||
|
|
||||||
else:
|
else:
|
||||||
|
|
@ -160,8 +160,8 @@ def check_csrf(post):
|
||||||
|
|
||||||
del s['csrf_token']
|
del s['csrf_token']
|
||||||
|
|
||||||
s.save()
|
#s.save()
|
||||||
|
|
||||||
else:
|
else:
|
||||||
#raise NameError('Error: you don\'t send any valid csrf_token')
|
#raise NameError('Error: you don\'t send any valid csrf_token')
|
||||||
raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'token_invalid': 0}), status=200, headers={'Content-type': 'application/json'})
|
raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'message': 'Error: csrf token invalid', 'token_invalid': 0}), status=200, headers={'Content-type': 'application/json'})
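Review bot: At the three places where `del s['csrf_token']` is followed by the now-commented `s.save()` (the `GetPostFiles` hunks at -113 and -124 and `check_csrf` at -160), persisting the deletion now depends on the session flagging itself dirty, but the `Session` hunk in this commit only sets `self.changed=True` in `__setitem__`; unless a `__delitem__` override exists outside the hunk, the consumed token is never written back to the cookie and the same token keeps validating on later requests. Either add `__delitem__` to `Session` or mark the session explicitly after each delete, e.g. `del s['csrf_token']` followed by `s.changed=True`. The debug line `#print('s', s)` added in the -100 hunk should be dropped rather than left commented, since a full session dump in a request handler is the kind of line that gets uncommented later. The enclosing `GetPostFiles` method starts and ends outside these hunks.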
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from importlib import import_module
|
from importlib import import_module
|
||||||
from paramecio.libraries.sessions import get_session
|
from paramecio.libraries.sessionplugin import get_session
|
||||||
import json
|
import json
|
||||||
from bottle import request
|
from bottle import request
|
||||||
import gettext
|
import gettext
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,7 @@ from paramecio.libraries.js import make_js_url
|
||||||
from settings import config
|
from settings import config
|
||||||
from os import path
|
from os import path
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
|
from paramecio.wsgiapp import app
|
||||||
|
|
||||||
# Preparing envs for views of modules, and views of
|
# Preparing envs for views of modules, and views of
|
||||||
|
|
||||||
|
|
@ -85,13 +86,17 @@ def preload_templates(template_files, env):
|
||||||
|
|
||||||
return templates
|
return templates
|
||||||
|
|
||||||
|
def url_for(name):
|
||||||
|
|
||||||
|
return app.get_url(name)
|
||||||
|
|
||||||
class PTemplate:
|
class PTemplate:
|
||||||
"""A class used how shortcuts for Mako template functions.
|
"""A class used how shortcuts for Mako template functions.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
templates_loaded={}
|
templates_loaded={}
|
||||||
|
|
||||||
def __init__(self, environment, app=None):
|
def __init__(self, environment):
|
||||||
|
|
||||||
"""A class used how shortcuts for Mako template functions.
|
"""A class used how shortcuts for Mako template functions.
|
||||||
|
|
||||||
|
|
@ -188,7 +193,7 @@ class PTemplate:
|
||||||
|
|
||||||
module_env=self.env.directories[1].replace('/templates', '')
|
module_env=self.env.directories[1].replace('/templates', '')
|
||||||
|
|
||||||
self.l=PGetText(module_env+'/index.py')
|
self.l=PGetText(module_env+'/app.py')
|
||||||
|
|
||||||
self.add_filter(self._)
|
self.add_filter(self._)
|
||||||
|
|
||||||
|
|
@ -198,6 +203,12 @@ class PTemplate:
|
||||||
|
|
||||||
self.add_filter(self.i18n.tlang)
|
self.add_filter(self.i18n.tlang)
|
||||||
|
|
||||||
|
#self.url_for=lambda name: app.get_url(name)
|
||||||
|
#x = lambda a : a + 10
|
||||||
|
#print(self.url_for)
|
||||||
|
|
||||||
|
self.add_filter(url_for)
|
||||||
|
|
||||||
def _(self, text):
|
def _(self, text):
|
||||||
|
|
||||||
return self.l.gettext(text)
|
return self.l.gettext(text)
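Review bot: `PTemplate.__init__` drops the `app=None` parameter (the -85 hunk), which is an interface break for any caller that still passes `app` positionally or by keyword; callers are not visible here, so either keep it as an ignored `app=None` for a release or confirm no caller passes it before merging. The three commented lines `#self.url_for=lambda name: app.get_url(name)`, `#x = lambda a : a + 10` and `#print(self.url_for)` in the -198 hunk are leftovers and should be removed. The new module-level `url_for` has no docstring; `"""Return the URL that app.get_url builds for the route named *name*."""` would do. Importing `app` from `paramecio.wsgiapp` at module level here may create an import cycle if `wsgiapp` in turn imports this templates module — worth confirming. The `__init__` body and the method holding the `add_filter` calls continue outside the hunks.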
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,10 @@ class Session(dict):
|
||||||
super(Session, self).__setitem__(item, value)
|
super(Session, self).__setitem__(item, value)
|
||||||
self.changed=True
|
self.changed=True
|
||||||
|
|
||||||
|
def get_session():
|
||||||
|
|
||||||
|
return request.environ.get('session', {})
|
||||||
|
|
||||||
class SessionPlugin(object):
|
class SessionPlugin(object):
|
||||||
|
|
||||||
name = 'session'
|
name = 'session'
|
||||||
|
|
@ -52,32 +56,37 @@ class SessionPlugin(object):
|
||||||
|
|
||||||
cookie=request.get_cookie(config.cookie_name)
|
cookie=request.get_cookie(config.cookie_name)
|
||||||
|
|
||||||
s=None
|
safe=None
|
||||||
|
|
||||||
if not cookie:
|
if not cookie:
|
||||||
session=Session()
|
session=Session()
|
||||||
else:
|
else:
|
||||||
|
|
||||||
s=URLSafeTimedSerializer(config.key_encrypt)
|
safe=URLSafeTimedSerializer(config.key_encrypt)
|
||||||
|
try:
|
||||||
session=Session(s.loads(cookie))
|
session=Session(safe.loads(cookie))
|
||||||
|
|
||||||
if type(session).__name__!='Session':
|
if type(session).__name__!='Session':
|
||||||
session=Session()
|
session=Session()
|
||||||
|
|
||||||
#except:
|
except:
|
||||||
# session=Session()
|
session=Session()
|
||||||
|
|
||||||
kwargs['session']=session
|
kwargs['session']=session
|
||||||
|
|
||||||
|
#For compatibility with old sessions server-side style.
|
||||||
|
|
||||||
|
request.environ['session']=session
|
||||||
|
|
||||||
rv=callback(*args, **kwargs)
|
rv=callback(*args, **kwargs)
|
||||||
|
|
||||||
if session.changed:
|
if session.changed:
|
||||||
#print('changed')
|
print('changed')
|
||||||
if not s:
|
if not safe:
|
||||||
s=URLSafeTimedSerializer(config.key_encrypt)
|
safe=URLSafeTimedSerializer(config.key_encrypt)
|
||||||
#print(session)
|
|
||||||
response.set_cookie(config.cookie_name, s.dumps(session))
|
#if not max_age:
|
||||||
|
response.set_cookie(config.cookie_name, safe.dumps(session), path=config.session_opts['session.path'], httponly=True)
|
||||||
|
|
||||||
return rv
|
return rv
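Review bot: `safe.loads(cookie)` inside the new `try` block is called without `max_age`, so the `URLSafeTimedSerializer` timestamp is never checked and a signed session cookie stays valid indefinitely — the commented `#if not max_age:` suggests this was intended; pass the session lifetime, e.g. `session=Session(safe.loads(cookie, max_age=<SESSION_MAX_AGE_FROM_CONFIG>))`. The bare `except:` around it also swallows `SystemExit`/`KeyboardInterrupt` and any programming error; narrow it to itsdangerous' `BadData` (the base of `BadSignature` and `SignatureExpired`) so only a rejected cookie falls back to an empty `Session`. `print('changed')` was uncommented and now writes to stdout on every session save; drop it or route it through logging at debug level. Adding `httponly=True` is good; add `secure=True` when the site is served over HTTPS, which bottle's `set_cookie` accepts. The enclosing callback wrapper's `def` line is above the hunk.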
|
||||||
|
|
||||||
|
|
|
||||||