From 1e597a8ee8cd2db3c37c8715410e81cc1972ddc3 Mon Sep 17 00:00:00 2001 From: Evgeny Fadeev Date: Mon, 19 Nov 2012 00:20:58 -0300 Subject: added mandatory generation of secret key to askbot-setup --- askbot/deployment/__init__.py | 15 ++++++++++----- askbot/deployment/messages.py | 3 +-- askbot/deps/django_authopenid/util.py | 4 ---- askbot/deps/django_authopenid/views.py | 7 ++++--- askbot/setup_templates/settings.py.mustache | 2 +- askbot/startup_procedures.py | 12 ++++++++++++ askbot/utils/console.py | 8 ++++++++ askbot/utils/functions.py | 12 ++++++++++-- 8 files changed, 46 insertions(+), 17 deletions(-) (limited to 'askbot') diff --git a/askbot/deployment/__init__.py b/askbot/deployment/__init__.py index 6be1528f..fd4fd20f 100644 --- a/askbot/deployment/__init__.py +++ b/askbot/deployment/__init__.py @@ -9,6 +9,7 @@ from askbot.deployment import messages from askbot.deployment.messages import print_message from askbot.deployment import path_utils from askbot.utils import console +from askbot.utils.functions import generate_random_key DATABASE_ENGINE_CHOICES = ('1', '2', '3', '4') @@ -129,7 +130,6 @@ def askbot_setup(): #separated all the directory creation process to make it more useful - def deploy_askbot(options): """function that creates django project files, all the neccessary directories for askbot, 
@@ -186,21 +186,26 @@ def deploy_askbot(options): ) def collect_missing_options(options_dict): + options_dict['secret_key'] = generate_random_key() if options_dict['database_engine'] == '2':#sqlite while True: value = console.simple_dialog( 'Please enter database file name' ) + database_file_name = None if os.path.isfile(value): - print 'file %s exists, please choose another' % value + message = 'file %s exists, use it anyway?' % value + if console.get_yes_or_no(message) == 'yes': + database_file_name = value elif os.path.isdir(value): print '%s is a directory, choose another name' % value elif value in path_utils.FILES_TO_CREATE: print 'name %s cannot be used for the database name' % value elif value == path_utils.LOG_DIR_NAME: print 'name %s cannot be used for the database name' % value - else: - options_dict['database_name'] = value + + if database_file_name: + options_dict['database_name'] = database_file_name return options_dict else:#others @@ -208,7 +213,7 @@ def collect_missing_options(options_dict): if options_dict[key] is None: key_name = key.replace('_', ' ') value = console.simple_dialog( - 'Please enter %s' % key_name, + '\nPlease enter %s' % key_name, required=True ) options_dict[key] = value diff --git a/askbot/deployment/messages.py b/askbot/deployment/messages.py index 0d264695..f2c512bc 100644 --- a/askbot/deployment/messages.py +++ b/askbot/deployment/messages.py @@ -19,8 +19,7 @@ CANT_INSTALL_INTO_FILE = '%(path)s is a file\ncannot install there' SHOULD_ADD_APP_HERE = 'Directory %(path)s?\nalready has a Django ' \ + 'project - do you want to add askbot app to that project?' -HOW_TO_DEPLOY_NEW = 'Done. Please find further instructions in the file below:'\ - + '\n%(help_file)s' +HOW_TO_DEPLOY_NEW = 'Done. Please find further instructions at http://askbot.org/doc/' HOW_TO_ADD_ASKBOT_TO_DJANGO = HOW_TO_DEPLOY_NEW diff --git a/askbot/deps/django_authopenid/util.py b/askbot/deps/django_authopenid/util.py index 8d37b9e5..e003c493 100644 
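Review bot: A database file name that passes every check is never accepted: the old `else: options_dict['database_name'] = value` branch was dropped, and nothing assigns `database_file_name` when `value` is neither an existing file, a directory, nor one of the reserved names, so the `while True` loop re-prompts forever for a brand-new sqlite file. Add the fallback branch after the `LOG_DIR_NAME` check: `else:` / `database_file_name = value`. When the user answers 'no' to "use it anyway?" the loop also re-prompts with no explanation; a `print 'please choose another name'` in that branch would make the retry obvious. collect_missing_options continues past this hunk (the @@ -208 hunk below is still inside it).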
--- a/askbot/deps/django_authopenid/util.py +++ b/askbot/deps/django_authopenid/util.py @@ -848,7 +848,3 @@ def ldap_check_password(username, password): except ldap.LDAPError, e: logging.critical(unicode(e)) return False - -def generate_random_key(): - random.seed() - return '%032x' % random.getrandbits(128) diff --git a/askbot/deps/django_authopenid/views.py b/askbot/deps/django_authopenid/views.py index 9e383b49..8e206120 100644 --- a/askbot/deps/django_authopenid/views.py +++ b/askbot/deps/django_authopenid/views.py @@ -45,6 +45,7 @@ from django.shortcuts import render from django.template.loader import get_template from django.views.decorators import csrf from django.utils.encoding import smart_unicode +from askbot.utils.functions import generate_random_key from django.utils.html import escape from django.utils.translation import ugettext as _ from django.utils.safestring import mark_safe @@ -964,7 +965,7 @@ def register(request, login_provider_name=None, user_identifier=None): else: request.session['username'] = username request.session['email'] = email - key = util.generate_random_key() + key = generate_random_key() email = request.session['email'] send_email_key(email, key, handler_url_name='verify_email_and_register') request.session['validation_code'] = key @@ -1107,7 +1108,7 @@ def signup_with_password(request): request.session['email'] = email request.session['password'] = password #todo: generate a key and save it in the session - key = util.generate_random_key() + key = generate_random_key() email = request.session['email'] send_email_key(email, key, handler_url_name='verify_email_and_register') request.session['validation_code'] = key 
@@ -1206,7 +1207,7 @@ def send_email_key(email, key, handler_url_name='user_account_recover'): send_mail(subject, message, django_settings.DEFAULT_FROM_EMAIL, [email]) def send_user_new_email_key(user): - user.email_key = util.generate_random_key() + user.email_key = generate_random_key() user.save() send_email_key(user.email, user.email_key) diff --git a/askbot/setup_templates/settings.py.mustache b/askbot/setup_templates/settings.py.mustache index be4c3800..bd77e82e 100644 --- a/askbot/setup_templates/settings.py.mustache +++ b/askbot/setup_templates/settings.py.mustache @@ -87,7 +87,7 @@ STATIC_ROOT = os.path.join(PROJECT_ROOT, 'static') ADMIN_MEDIA_PREFIX = STATIC_URL + 'admin/' # Make up some unique string, and don't share it with anybody. -SECRET_KEY = 'sdljdfjkldsflsdjkhsjkldgjlsdgfs s ' +SECRET_KEY = '{{secret_key}}' # List of callables that know how to import templates from various sources. TEMPLATE_LOADERS = ( diff --git a/askbot/startup_procedures.py b/askbot/startup_procedures.py index 50f6b929..6817d842 100644 --- a/askbot/startup_procedures.py +++ b/askbot/startup_procedures.py @@ -799,6 +799,17 @@ def test_group_messaging(): print_errors(errors) +def test_secret_key(): + key = django_settings.SECRET_KEY + if key.strip() == '': + print_errors(['please create a random SECRET_KEY setting',]) + elif key == 'sdljdfjkldsflsdjkhsjkldgjlsdgfs s ': + print_errors([ + 'Please change your SECRET_KEY setting, the current is not secure' + ]) + + + def run_startup_tests(): """function that runs all startup tests, mainly checking settings config so far @@ -822,6 +833,7 @@ def run_startup_tests(): test_group_messaging() test_haystack() test_cache_backend() + test_secret_key() settings_tester = SettingsTester({ 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY': { 'value': True, diff --git a/askbot/utils/console.py b/askbot/utils/console.py index 644a7f21..23cff6f9 100644 --- a/askbot/utils/console.py +++ b/askbot/utils/console.py 
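Review bot: The comment `# Make up some unique string, and don't share it with anybody.` above the new `SECRET_KEY = '{{secret_key}}'` line is now misleading, because askbot-setup fills this value in from `collect_missing_options`; reword it to `# Generated by askbot-setup; keep this value secret and do not share it.` Note that if the template is ever rendered without `secret_key` in its context the tag renders as an empty string, which is only caught by the new startup check in startup_procedures.py, not at deploy time.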
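Review bot: test_secret_key rejects only an empty key and the single old placeholder string, so a short or hand-typed SECRET_KEY passes silently; since the rest of this commit generates 32-hex-character keys, a minimum-length check would catch weak hand-edited settings, e.g. `elif len(key.strip()) < 32:` / `print_errors(['SECRET_KEY is too short, please use at least 32 random characters'])` (threshold is a suggestion, pick the project's own). `django_settings` is presumably imported at the top of startup_procedures.py outside this hunk; worth confirming since the function reads it. The three blank lines before run_startup_tests should be two, matching the rest of the file.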
@@ -34,6 +34,7 @@ def choice_dialog(prompt_phrase, choices = None, invalid_phrase = None): print invalid_phrase % {'opt_string': opt_string} time.sleep(1) + def simple_dialog(prompt_phrase, required=False): """asks user to enter a string, if `required` is True, will repeat question until non-empty input is given @@ -49,6 +50,13 @@ def simple_dialog(prompt_phrase, required=False): return response time.sleep(1) + + +def get_yes_or_no(prompt_phrase): + while True: + response = raw_input(prompt_phrase + ' (yes/no)\n> ').strip() + if response in ('yes', 'no'): + return response def open_new_file(prompt_phrase, extension = '', hint = None): diff --git a/askbot/utils/functions.py b/askbot/utils/functions.py index f9d36534..2579728b 100644 --- a/askbot/utils/functions.py +++ b/askbot/utils/functions.py @@ -1,8 +1,8 @@ import re +import random import datetime from django.utils.translation import ugettext as _ from django.utils.translation import ungettext -from django.contrib.auth.models import User def get_from_dict_or_object(source, key): try: @@ -162,8 +162,16 @@ def setup_paginator(context): } def get_admin(): - '''Returns an admin users, usefull for raising flags''' + """Returns an admin users, usefull for raising flags""" try: + from django.contrib.auth.models import User return User.objects.filter(is_superuser=True)[0] except: raise Exception('there is no admin users') + +def generate_random_key(length=16): + """return random string, length is number of characters""" + random.seed() + assert(isinstance(length, int)) + format_string = '%0' + str(2*length) + 'x' + return format_string % random.getrandbits(length*8) -- cgit v1.2.3-1-g7c22
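Review bot: get_yes_or_no has no docstring while the neighbouring simple_dialog does; add `"""ask `prompt_phrase` until the user types exactly 'yes' or 'no' and return that string"""`. The comparison is case-sensitive, so 'Yes' or 'Y' silently re-prompts with no hint about the accepted answers; `response = raw_input(prompt_phrase + ' (yes/no)\n> ').strip().lower()` would accept the obvious variants without changing the return values.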
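Review bot: generate_random_key now produces the deployed SECRET_KEY and the e-mail verification keys used in views.py, but `random.getrandbits` draws from the Mersenne Twister, which is not a cryptographically secure generator; draw from the OS CSPRNG instead, `return format_string % random.SystemRandom().getrandbits(length*8)` (or `return os.urandom(length).encode('hex')`, which makes the `random.seed()` call unnecessary). The `assert(isinstance(length, int))` guard is stripped under `python -O`; raise `TypeError` if the check matters. The docstring should state the actual output shape: `"""return a random lowercase-hex string of 2*length characters (length bytes of entropy)"""`. The `import random` line in the @@ -1 hunk above also breaks the alphabetical order of the stdlib imports.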