Commit e886dbab authored by Nicolas Joyard's avatar Nicolas Joyard

Ajout identification

parent c0796558
......@@ -2,3 +2,5 @@
*.egg-info
*.pyc
*~
data/secret.txt
# -*- coding: utf-8 -*-
import os
from random import SystemRandom
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
def get_secret_key(data_dir):
secret_file = os.path.join(data_dir, 'secret.txt')
if not os.path.exists(secret_file):
chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
rnd = SystemRandom()
key = ''.join([chars[rnd.randint(1, len(chars))-1]
for i in range(1, 50)])
with open(secret_file, 'w+') as f:
f.write(key)
with open(secret_file, 'r') as f:
return f.read()
class DefaultConfig(object):
"""
Default irfm config file for standard environment
......@@ -17,7 +35,6 @@ class DefaultConfig(object):
SQLALCHEMY_ECHO = False
DATA_DIR = os.path.join(BASE_DIR, 'data')
API_PAGE_SIZE = 10
SECRET_KEY = 'no-secret-key'
PIWIK_HOST = None
PIWIK_ID = None
......@@ -30,35 +47,7 @@ class DebugConfig(DefaultConfig):
SQLALCHEMY_ECHO = True
class AutoSecretKeyConfig(DefaultConfig):
"""
Default config that automatically generates a secret key in DATA_DIR
"""
_secret_key = None
@property
def SECRET_KEY(self):
if not self._secret_key:
secret_file = os.path.join(self.DATA_DIR, 'secret.txt')
if not os.path.exists(secret_file):
chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
from random import SystemRandom
rnd = SystemRandom()
key = ''.join([chars[rnd.randint(1, len(chars))-1]
for i in range(1, 50)])
with open(secret_file, 'w+') as f:
f.write(key)
with open(secret_file, 'r') as f:
self._secret_key = f.read()
return self._secret_key
class EnvironmentConfig(AutoSecretKeyConfig):
class EnvironmentConfig(DefaultConfig):
"""
Config for environment-based setup.
- IRFM_DEBUG: 'True' to enable
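Review bot: `get_secret_key` creates `secret.txt` with a plain `open(secret_file, 'w+')`, so the file gets the process's default mode (commonly world-readable) and there is a check-then-create window between `os.path.exists` and the write. Creating it with `fd = os.open(secret_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` and `with os.fdopen(fd, 'w') as f: f.write(key)` restricts the key to the owner and makes two concurrent first starts fail loudly instead of racing. Separately, `range(1, 50)` yields 49 characters rather than 50, and `chars[rnd.randint(1, len(chars))-1]` is the long form of `rnd.choice(chars)`, so `key = ''.join(rnd.choice(chars) for _ in range(50))` reads more clearly and gives the length the code appears to intend. `SystemRandom` is the right source here; the same key-generation block is removed from `AutoSecretKeyConfig` below, so this function is now the only copy.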
......@@ -6,10 +6,13 @@ from .filters import setup as setup_filters
from .home import setup_routes as setup_home
from .parlementaires import setup_routes as setup_parl
from .pdf import setup_routes as setup_pdf
from .session import setup_routes as setup_session
def setup_routes(app):
setup_cp(app)
setup_filters(app)
setup_home(app)
setup_session(app)
setup_parl(app)
setup_pdf(app)
......@@ -4,7 +4,7 @@ from flask import abort, make_response, render_template
from xhtml2pdf import pisa
from io import BytesIO
from ..models import Parlementaire
from ..models import Parlementaire
def setup_routes(app):
# -*- coding: utf-8 -*-
import re
from flask import abort, flash, redirect, request, session, url_for
from urllib.parse import urlparse, urljoin
def is_safe_url(target):
ref_url = urlparse(request.host_url)
test_url = urlparse(urljoin(request.host_url, target))
return test_url.scheme in ('http', 'https') and \
ref_url.netloc == test_url.netloc
def redirect_back():
if request.referrer and is_safe_url(request.referrer):
return redirect(request.referrer)
else:
return redirect(url_for('home'))
def sanitize(text):
return re.sub(r'[^@A-Za-z0-9_.-]', '', text)
def check_email(text):
return re.search(r'^[^@]+@[^@]+\.[^@]+$', text)
def setup_routes(app):
@app.route('/login', methods=['POST'])
def login():
nick = sanitize(request.form['nick'])
if nick != request.form['nick']:
flash('Seuls les caractères suivants sont autorisés: '
'a-z 0-9 _ - @ . ', category='error')
return redirect_back()
if not len(nick):
flash('Veuillez saisir un pseudonyme !', category='error')
return redirect_back()
if not check_email(request.form['email']):
flash('Veuillez saisir une adresse e-mail valide pour assurer le '
'suivi de l\'envoi des demandes !', category='error')
return redirect_back()
session['user'] = {
'nick': nick,
'email': request.form['email'],
}
return redirect_back()
@app.route('/logout')
def logout():
session.pop('user', None)
return redirect_back()
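Review bot: The `/login` handler accepts any POST carrying `nick` and `email`, and the form that submits to it (the `login-form` in the base template further down this commit) carries no CSRF token, so a form hosted elsewhere can set a visitor's session identity; a per-session token checked in `login()` before the `session['user']` assignment (or Flask-WTF's `CSRFProtect`, if adding the dependency is acceptable) closes that. `check_email` uses `re.search` with `^…$`, and `$` also matches before a trailing newline, so a value such as `'a@b.c\n'` passes and is stored verbatim in `session['user']['email']` for later mail handling; `return re.fullmatch(r'[^@]+@[^@]+\.[^@]+', text)` rejects it. `abort` is imported from flask but not used in this module.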
......@@ -5,9 +5,11 @@ import os
from flask import Flask
from flaskext.markdown import Markdown
from .config import get_secret_key
from .routes import setup_routes
def setup_app(name):
# Create app
app = Flask(name)
......@@ -17,6 +19,9 @@ def setup_app(name):
'irfm.config.DefaultConfig')
app.config.from_object(config_obj)
if not app.config.get('SECRET_KEY'):
app.config['SECRET_KEY'] = get_secret_key(app.config['DATA_DIR'])
# Setup DB
from .models import db
db.init_app(app)
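Review bot: The fallback at `if not app.config.get('SECRET_KEY')` calls `get_secret_key(app.config['DATA_DIR'])`, which opens a file inside `DATA_DIR` but never creates that directory; unless it is created elsewhere (not visible in this diff), a fresh deployment fails at startup with `FileNotFoundError`. An `os.makedirs(app.config['DATA_DIR'], exist_ok=True)` before the call, or inside `get_secret_key`, avoids that. It would also help operators to log that a generated key is in use, e.g. `app.logger.warning('SECRET_KEY not configured, using generated key in %s', app.config['DATA_DIR'])`, since a key tied to the data directory would invalidate existing sessions whenever that directory is rebuilt.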
......@@ -62,3 +62,15 @@ th.col-right {
font-size: 40px;
font-weight: bold;
}
.nav li.login {
float: right;
}
.login-form {
padding: 1em;
}
.login-form input {
width: 20em;
}
\ No newline at end of file
......@@ -22,13 +22,47 @@
{% for item in menu %}
<li role="presentation" {% if request.endpoint == item.endpoint %}class="active"{% endif %}><a href="{{ item.url }}">{{ item.label }}</a></li>
{% endfor %}
{% block menuitem %}
{% endblock %}
<li role="presentation" class="login">
<div class="btn-group">
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
{% if session.user %}
{{ session.user.nick }}
{% else %}
S'identifier
{% endif %}
<span class="caret"></span>
</button>
<ul class="dropdown-menu dropdown-menu-right">
<li>
{% if session.user %}
<a href="{{ url_for('logout') }}">Se déconnecter</a>
{% else %}
<form class="form-horizontal login-form" method="POST" action="{{ url_for('login') }}">
<input name="nick" type="text" class="form-control" placeholder="Pseudo">
<input name="email" type="email" class="form-control" placeholder="Adresse e-mail">
<br>
<input type="submit" class="btn btn-primary" value="Valider">
</form>
{% endif %}
</li>
</ul>
</div>
</li>
</ul>
</div>
</header>
<section class="container-fluid">
{% for message in get_flashed_messages() %}
<div class="alert alert-danger" role="alert">{{ message }}</div>
{% endfor %}
{% block content %}
{% endblock %}
......@@ -63,6 +97,14 @@
</small>
</footer>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script>
$('.dropdown-toggle').dropdown();
</script>
{% block scripts %}
{% endblock %}
......@@ -57,7 +57,6 @@
{% endblock %}
{% block scripts %}
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js" integrity="sha256-GcknncGKzlKm69d+sp+k3A2NyQE+jnu43aBl6rrDN2I=" crossorigin="anonymous"></script>
<script>
......@@ -65,7 +65,6 @@
{% endblock %}
{% block scripts %}
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
<script src="{{ url_for('static', filename='moment.min.js') }}"></script>
<script src="{{ url_for('static', filename='bootstrap-sortable.js') }}"></script>
......@@ -34,12 +34,29 @@
</article>
</section>
</div>
{% if parlementaire.etape.ordre == 10 %}
<div class="col-md-12" id="letter-container">
<iframe name="demande" id="demande" src="{{ url_for('demande_pdf', id=parlementaire.id) }}">
</iframe>
</div>
{% if session.user %}
<div class="col-md-12" id="letter-container">
<iframe name="demande" id="demande" src="{{ url_for('demande_pdf', id=parlementaire.id) }}">
</iframe>
</div>
{% else %}
<div class="col-md-12">
<div class="alert alert-warning" role="alert">
Pour envoyer une demande et assurer son suivi, il faut au préalable <a href="#" id="identify-link">vous identifier</a>.
</div>
</div>
{% endif %}
{% else %}
...
{% endif %}
{% endblock %}
{% block scripts %}
<script>
$('#identify-link').click(function() {
$('.login .dropdown-toggle').dropdown('toggle');
});
</script>
{% endblock %}
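Review bot: The `{% if session.user %}` test only hides the iframe; the `demande_pdf` endpoint it points at remains reachable directly by URL, so unless the view in `routes/pdf.py` checks `session.get('user')` itself (its body is not part of this diff), the identification requirement is enforced only in the template. The click handler on `#identify-link` leaves the `href="#"` default action in place, so the page jumps to the top when the dropdown opens; `$('#identify-link').click(function(e) { e.preventDefault(); $('.login .dropdown-toggle').dropdown('toggle'); });` keeps the scroll position.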