authorEvgeny Fadeev <evgeny.fadeev@gmail.com>2012-11-19 00:20:58 -0300
committerEvgeny Fadeev <evgeny.fadeev@gmail.com>2012-11-19 00:20:58 -0300
commit1e597a8ee8cd2db3c37c8715410e81cc1972ddc3 (patch)
treeec9bd804faefe93a4e83bf06057e311ff3a7b3fe
parente0dcb50e48b25f7fe641d54b5338e09486b7157e (diff)
downloadaskbot-1e597a8ee8cd2db3c37c8715410e81cc1972ddc3.tar.gz
askbot-1e597a8ee8cd2db3c37c8715410e81cc1972ddc3.tar.bz2
askbot-1e597a8ee8cd2db3c37c8715410e81cc1972ddc3.zip
added mandatory generation of secret key to askbot-setup
-rw-r--r--askbot/deployment/__init__.py15
-rw-r--r--askbot/deployment/messages.py3
-rw-r--r--askbot/deps/django_authopenid/util.py4
-rw-r--r--askbot/deps/django_authopenid/views.py7
-rw-r--r--askbot/setup_templates/settings.py.mustache2
-rw-r--r--askbot/startup_procedures.py12
-rw-r--r--askbot/utils/console.py8
-rw-r--r--askbot/utils/functions.py12
-rw-r--r--setup.py3
9 files changed, 48 insertions, 18 deletions
diff --git a/askbot/deployment/__init__.py b/askbot/deployment/__init__.py
index 6be1528f..fd4fd20f 100644
--- a/askbot/deployment/__init__.py
+++ b/askbot/deployment/__init__.py
@@ -9,6 +9,7 @@ from askbot.deployment import messages
from askbot.deployment.messages import print_message
from askbot.deployment import path_utils
from askbot.utils import console
+from askbot.utils.functions import generate_random_key
DATABASE_ENGINE_CHOICES = ('1', '2', '3', '4')
@@ -129,7 +130,6 @@ def askbot_setup():
#separated all the directory creation process to make it more useful
-
def deploy_askbot(options):
"""function that creates django project files,
all the neccessary directories for askbot,
@@ -186,21 +186,26 @@ def deploy_askbot(options):
)
def collect_missing_options(options_dict):
+ options_dict['secret_key'] = generate_random_key()
if options_dict['database_engine'] == '2':#sqlite
while True:
value = console.simple_dialog(
'Please enter database file name'
)
+ database_file_name = None
if os.path.isfile(value):
- print 'file %s exists, please choose another' % value
+ message = 'file %s exists, use it anyway?' % value
+ if console.get_yes_or_no(message) == 'yes':
+ database_file_name = value
elif os.path.isdir(value):
print '%s is a directory, choose another name' % value
elif value in path_utils.FILES_TO_CREATE:
print 'name %s cannot be used for the database name' % value
elif value == path_utils.LOG_DIR_NAME:
print 'name %s cannot be used for the database name' % value
- else:
- options_dict['database_name'] = value
+
+ if database_file_name:
+ options_dict['database_name'] = database_file_name
return options_dict
else:#others
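Review bot: In the sqlite branch of `collect_missing_options`, the removed `else:` was the only path that accepted a file name that does not exist yet, and the new code sets `database_file_name` only when the file already exists and the user answers yes. As far as the flattened indentation shows, a fresh name now falls through every branch and the `while True` loop prompts again without end. Restoring the fallback as `else:` followed by `database_file_name = value` keeps the new confirm-to-reuse behaviour and lets a new database be created. The function body continues outside this hunk, so the placement of `return options_dict` should be confirmed against the full file.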
@@ -208,7 +213,7 @@ def collect_missing_options(options_dict):
if options_dict[key] is None:
key_name = key.replace('_', ' ')
value = console.simple_dialog(
- 'Please enter %s' % key_name,
+ '\nPlease enter %s' % key_name,
required=True
)
options_dict[key] = value
diff --git a/askbot/deployment/messages.py b/askbot/deployment/messages.py
index 0d264695..f2c512bc 100644
--- a/askbot/deployment/messages.py
+++ b/askbot/deployment/messages.py
@@ -19,8 +19,7 @@ CANT_INSTALL_INTO_FILE = '%(path)s is a file\ncannot install there'
SHOULD_ADD_APP_HERE = 'Directory %(path)s?\nalready has a Django ' \
+ 'project - do you want to add askbot app to that project?'
-HOW_TO_DEPLOY_NEW = 'Done. Please find further instructions in the file below:'\
- + '\n%(help_file)s'
+HOW_TO_DEPLOY_NEW = 'Done. Please find further instructions at http://askbot.org/doc/'
HOW_TO_ADD_ASKBOT_TO_DJANGO = HOW_TO_DEPLOY_NEW
diff --git a/askbot/deps/django_authopenid/util.py b/askbot/deps/django_authopenid/util.py
index 8d37b9e5..e003c493 100644
--- a/askbot/deps/django_authopenid/util.py
+++ b/askbot/deps/django_authopenid/util.py
@@ -848,7 +848,3 @@ def ldap_check_password(username, password):
except ldap.LDAPError, e:
logging.critical(unicode(e))
return False
-
-def generate_random_key():
- random.seed()
- return '%032x' % random.getrandbits(128)
diff --git a/askbot/deps/django_authopenid/views.py b/askbot/deps/django_authopenid/views.py
index 9e383b49..8e206120 100644
--- a/askbot/deps/django_authopenid/views.py
+++ b/askbot/deps/django_authopenid/views.py
@@ -45,6 +45,7 @@ from django.shortcuts import render
from django.template.loader import get_template
from django.views.decorators import csrf
from django.utils.encoding import smart_unicode
+from askbot.utils.functions import generate_random_key
from django.utils.html import escape
from django.utils.translation import ugettext as _
from django.utils.safestring import mark_safe
@@ -964,7 +965,7 @@ def register(request, login_provider_name=None, user_identifier=None):
else:
request.session['username'] = username
request.session['email'] = email
- key = util.generate_random_key()
+ key = generate_random_key()
email = request.session['email']
send_email_key(email, key, handler_url_name='verify_email_and_register')
request.session['validation_code'] = key
@@ -1107,7 +1108,7 @@ def signup_with_password(request):
request.session['email'] = email
request.session['password'] = password
#todo: generate a key and save it in the session
- key = util.generate_random_key()
+ key = generate_random_key()
email = request.session['email']
send_email_key(email, key, handler_url_name='verify_email_and_register')
request.session['validation_code'] = key
@@ -1206,7 +1207,7 @@ def send_email_key(email, key, handler_url_name='user_account_recover'):
send_mail(subject, message, django_settings.DEFAULT_FROM_EMAIL, [email])
def send_user_new_email_key(user):
- user.email_key = util.generate_random_key()
+ user.email_key = generate_random_key()
user.save()
send_email_key(user.email, user.email_key)
diff --git a/askbot/setup_templates/settings.py.mustache b/askbot/setup_templates/settings.py.mustache
index be4c3800..bd77e82e 100644
--- a/askbot/setup_templates/settings.py.mustache
+++ b/askbot/setup_templates/settings.py.mustache
@@ -87,7 +87,7 @@ STATIC_ROOT = os.path.join(PROJECT_ROOT, 'static')
ADMIN_MEDIA_PREFIX = STATIC_URL + 'admin/'
# Make up some unique string, and don't share it with anybody.
-SECRET_KEY = 'sdljdfjkldsflsdjkhsjkldgjlsdgfs s '
+SECRET_KEY = '{{secret_key}}'
# List of callables that know how to import templates from various sources.
TEMPLATE_LOADERS = (
diff --git a/askbot/startup_procedures.py b/askbot/startup_procedures.py
index 50f6b929..6817d842 100644
--- a/askbot/startup_procedures.py
+++ b/askbot/startup_procedures.py
@@ -799,6 +799,17 @@ def test_group_messaging():
print_errors(errors)
+def test_secret_key():
+ key = django_settings.SECRET_KEY
+ if key.strip() == '':
+ print_errors(['please create a random SECRET_KEY setting',])
+ elif key == 'sdljdfjkldsflsdjkhsjkldgjlsdgfs s ':
+ print_errors([
+ 'Please change your SECRET_KEY setting, the current is not secure'
+ ])
+
+
+
def run_startup_tests():
"""function that runs
all startup tests, mainly checking settings config so far
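Review bot: `test_secret_key` rejects only an empty key and the one old template default, so a settings file that was copied by hand with the placeholder still in place (`SECRET_KEY = '{{secret_key}}'`) passes the startup check. Adding the placeholder to the rejected values, for example `elif key in ('sdljdfjkldsflsdjkhsjkldgjlsdgfs s ', '{{secret_key}}'):`, would close that gap. The function also has no docstring; something like `"""warn when SECRET_KEY is empty or still a known default value"""` would match the neighbouring tests. Whether `print_errors` stops startup cannot be seen from this hunk, so it is worth confirming that an insecure key is a hard failure and not just a printed message.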
@@ -822,6 +833,7 @@ def run_startup_tests():
test_group_messaging()
test_haystack()
test_cache_backend()
+ test_secret_key()
settings_tester = SettingsTester({
'CACHE_MIDDLEWARE_ANONYMOUS_ONLY': {
'value': True,
diff --git a/askbot/utils/console.py b/askbot/utils/console.py
index 644a7f21..23cff6f9 100644
--- a/askbot/utils/console.py
+++ b/askbot/utils/console.py
@@ -34,6 +34,7 @@ def choice_dialog(prompt_phrase, choices = None, invalid_phrase = None):
print invalid_phrase % {'opt_string': opt_string}
time.sleep(1)
+
def simple_dialog(prompt_phrase, required=False):
"""asks user to enter a string, if `required` is True,
will repeat question until non-empty input is given
@@ -49,6 +50,13 @@ def simple_dialog(prompt_phrase, required=False):
return response
time.sleep(1)
+
+
+def get_yes_or_no(prompt_phrase):
+ while True:
+ response = raw_input(prompt_phrase + ' (yes/no)\n> ').strip()
+ if response in ('yes', 'no'):
+ return response
def open_new_file(prompt_phrase, extension = '', hint = None):
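Review bot: `get_yes_or_no` compares the raw answer case-sensitively, so `Yes`, `y` or `NO` re-prompt with no explanation; normalising with `response = raw_input(prompt_phrase + ' (yes/no)\n> ').strip().lower()` avoids that. The function also lacks the docstring its neighbours `choice_dialog` and `simple_dialog` have; `"""asks a yes/no question until the user types 'yes' or 'no', returns that string"""` would do. Since the caller in `collect_missing_options` uses the answer to decide whether an existing database file is reused, a one-line hint printed on invalid input would make the prompt harder to misread.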
diff --git a/askbot/utils/functions.py b/askbot/utils/functions.py
index f9d36534..2579728b 100644
--- a/askbot/utils/functions.py
+++ b/askbot/utils/functions.py
@@ -1,8 +1,8 @@
import re
+import random
import datetime
from django.utils.translation import ugettext as _
from django.utils.translation import ungettext
-from django.contrib.auth.models import User
def get_from_dict_or_object(source, key):
try:
@@ -162,8 +162,16 @@ def setup_paginator(context):
}
def get_admin():
- '''Returns an admin users, usefull for raising flags'''
+ """Returns an admin users, usefull for raising flags"""
try:
+ from django.contrib.auth.models import User
return User.objects.filter(is_superuser=True)[0]
except:
raise Exception('there is no admin users')
+
+def generate_random_key(length=16):
+ """return random string, length is number of characters"""
+ random.seed()
+ assert(isinstance(length, int))
+ format_string = '%0' + str(2*length) + 'x'
+ return format_string % random.getrandbits(length*8)
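Review bot: `generate_random_key` draws from the default `random` generator (Mersenne Twister), which is not meant for secrets, yet this commit uses it for Django's `SECRET_KEY` in `collect_missing_options` as well as for the email validation keys in `register`, `signup_with_password` and `send_user_new_email_key`. Drop `random.seed()` and take the bits from the OS source: `return format_string % random.SystemRandom().getrandbits(length * 8)`. The `assert(isinstance(length, int))` check disappears under `python -O`; `if not isinstance(length, int): raise TypeError('length must be an int')` is the durable form. The docstring says length is the number of characters, but the result has `2*length` hex characters, so it should read `"""return random hex string built from `length` random bytes (2*length characters)"""`.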
diff --git a/setup.py b/setup.py
index e148704b..5a3ccfe5 100644
--- a/setup.py
+++ b/setup.py
@@ -124,7 +124,8 @@ print """**************************************************************
* Thanks for installing Askbot. *
* *
* To start deploying type: askbot-setup *
-* Please take a look at the manual askbot/doc/INSTALL *
+* *
+* Please take a look at the manual http://askbot.org/doc/ *
* And please do not hesitate to ask your questions at *
* at http://askbot.org *
* *