generate and store cookie_secret in the db
parent
6c89b3bdf6
commit
1279f0d961
4 changed files with 40 additions and 1 deletions
|
@ -33,6 +33,8 @@ These are the path you see in the browser (AngularJS does client-side routing: n
|
||||||
- /#/person/:person_id - show information about an existing person (contains the list of events the person registered for)
|
- /#/person/:person_id - show information about an existing person (contains the list of events the person registered for)
|
||||||
- /#/person/:person_id/edit - edit form to modify an existing person
|
- /#/person/:person_id/edit - edit form to modify an existing person
|
||||||
- /#/import/persons - form used to import persons in bulk
|
- /#/import/persons - form used to import persons in bulk
|
||||||
|
- /login - login form
|
||||||
|
- /logout - when visited, the user is logged out
|
||||||
|
|
||||||
|
|
||||||
Web server
|
Web server
|
||||||
|
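Review bot: the new `/logout` entry says the user is logged out "when visited", which means a plain GET changes session state, so any cross-site link or image pointing at `/logout` would end the user's session. Consider requiring a POST for logout. It would also help to say in this list that `/login` and `/logout` are served by the web server, since unlike the entries above them they are not `/#/` client-side routes.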
@ -53,6 +55,11 @@ The paths used to communicate with the Tornado web server:
|
||||||
- /events/:event_id/persons/:person_id PUT - update the information about a person related to a given event (e.g.: if the person attended)
|
- /events/:event_id/persons/:person_id PUT - update the information about a person related to a given event (e.g.: if the person attended)
|
||||||
- /persons/:person_id/events GET - the list of events the person registered for
|
- /persons/:person_id/events GET - the list of events the person registered for
|
||||||
- /ebcsvpersons POST - csv file upload to import persons
|
- /ebcsvpersons POST - csv file upload to import persons
|
||||||
|
- /login - login form
|
||||||
|
- /logout - when visited, the user is logged out
|
||||||
|
|
||||||
|
Notice that the above path are the ones used by the webapp. If you plan to use them from an external application (like the _eventman_ barcode/qrcode scanner) you better prepend all the path with /v1.0, where 1.0 is the current value of API\_VERSION.
|
||||||
|
The main advantage in doing so is that, for every call, a useful status code and a JSON value is returned (also for /v10/login that usually would show you the login page).
|
||||||
|
|
||||||
|
|
||||||
Triggers
|
Triggers
|
||||||
|
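Review bot: the added paragraph writes the versioned prefix two ways, `/v1.0` in its first sentence and `/v10/login` in its second; the two should match, otherwise an external client author cannot tell which form is correct. The new `/login` and `/logout` entries also omit the HTTP method that every other entry in this list carries (GET, PUT, POST); add it so it is clear which verb submits the credentials.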
@ -76,6 +83,8 @@ update_person_in_event and attends will receive these information:
|
||||||
- PERSON_ID
|
- PERSON_ID
|
||||||
- EVENT_ID
|
- EVENT_ID
|
||||||
- EVENT_TITLE
|
- EVENT_TITLE
|
||||||
|
- SEQ
|
||||||
|
- SEQ_HEX
|
||||||
- via stdin, a dictionary containing:
|
- via stdin, a dictionary containing:
|
||||||
- dictionary **old** with the old data of the person
|
- dictionary **old** with the old data of the person
|
||||||
- dictionary **new** with the new data of the person
|
- dictionary **new** with the new data of the person
|
||||||
|
@ -113,6 +122,8 @@ Main field:
|
||||||
- persons.$.company
|
- persons.$.company
|
||||||
- persons.$.job
|
- persons.$.job
|
||||||
- persons.$.ebqrcode
|
- persons.$.ebqrcode
|
||||||
|
- persons.$.seq
|
||||||
|
- persons.$.seq_hex
|
||||||
|
|
||||||
|
|
||||||
persons collection
|
persons collection
|
||||||
|
@ -126,6 +137,16 @@ Basic information about a person:
|
||||||
- persons.job
|
- persons.job
|
||||||
|
|
||||||
|
|
||||||
|
users collection
|
||||||
|
----------------
|
||||||
|
|
||||||
|
Contains a list of username and associated values, like the password used for authentication.
|
||||||
|
|
||||||
|
To generate the hash, use:
|
||||||
|
import utils
|
||||||
|
print utils.hash_password('MyVerySecretPassword')
|
||||||
|
|
||||||
|
|
||||||
TODO
|
TODO
|
||||||
====
|
====
|
||||||
|
|
||||||
|
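Review bot: the new "users collection" text says the collection holds "the password used for authentication", while the following lines show that the stored value is the output of `utils.hash_password`; write "password hash" so that nobody inserts a cleartext value by hand. The example also hard-codes a literal password in a `print` statement, which runs only on Python 2 and invites copying a real password into a script or interpreter session; documenting a prompt via `getpass` would be the safer pattern.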
@ -143,5 +164,6 @@ Nice to have
|
||||||
- notifications for form editing and other actions
|
- notifications for form editing and other actions
|
||||||
- authentication for administrators
|
- authentication for administrators
|
||||||
- i18n
|
- i18n
|
||||||
|
- settings page
|
||||||
- logging and debugging code
|
- logging and debugging code
|
||||||
|
|
||||||
|
|
|
@ -15,10 +15,12 @@ Technological stack
|
||||||
|
|
||||||
- [AngularJS](https://angularjs.org/) (plus some third-party modules) for the webApp
|
- [AngularJS](https://angularjs.org/) (plus some third-party modules) for the webApp
|
||||||
- [Bootstrap](http://getbootstrap.com/) (plus [Angular UI](https://angular-ui.github.io/bootstrap/)) for the eye-candy
|
- [Bootstrap](http://getbootstrap.com/) (plus [Angular UI](https://angular-ui.github.io/bootstrap/)) for the eye-candy
|
||||||
|
- [Font Awesome](https://fortawesome.github.io/Font-Awesome/) for even more cuteness
|
||||||
- [Tornado web](http://www.tornadoweb.org/) as web server
|
- [Tornado web](http://www.tornadoweb.org/) as web server
|
||||||
- [MongoDB](https://www.mongodb.org/) to store the data
|
- [MongoDB](https://www.mongodb.org/) to store the data
|
||||||
|
|
||||||
The web part is incuded; you need to install Tornado, MongoDB and the pymongo module on your system (no configuration needed).
|
The web part is incuded; you need to install Tornado, MongoDB and the pymongo module on your system (no configuration needed).
|
||||||
|
If you want to print labels using the _print\_label_ trigger, you may also need the pycups module.
|
||||||
|
|
||||||
|
|
||||||
Coding style and conventions
|
Coding style and conventions
|
||||||
|
@ -50,6 +52,11 @@ Open browser and navigate to: http://localhost:5242/
|
||||||
|
|
||||||
If you store SSL key and certificate in the *ssl* directory (default names: eventman\_key.pem and eventman\_cert.pem), HTTPS will be used: https://localhost:5242/
|
If you store SSL key and certificate in the *ssl* directory (default names: eventman\_key.pem and eventman\_cert.pem), HTTPS will be used: https://localhost:5242/
|
||||||
|
|
||||||
|
Authentication
|
||||||
|
==============
|
||||||
|
|
||||||
|
By default, authentication is required; default username and password are *admin* and *eventman*.
|
||||||
|
|
||||||
|
|
||||||
License and copyright
|
License and copyright
|
||||||
=====================
|
=====================
|
||||||
|
|
|
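Review bot: the new Authentication section publishes the default `admin` / `eventman` credentials but gives no instruction to change them, so an installation that follows the README stays reachable with a documented password. Add a sentence telling the operator to replace the default password right after the first start, pointing at the `utils.hash_password` instructions added to the users collection documentation in this same commit.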
@ -23,7 +23,7 @@ FONT_TEXT_ENCODING = 'latin-1'
|
||||||
FONT_BARCODE = 'free3of9.ttf'
|
FONT_BARCODE = 'free3of9.ttf'
|
||||||
|
|
||||||
PRINTER_NAME = None
|
PRINTER_NAME = None
|
||||||
PRINTER_NAME = 'DYMO_LabelWriter_450'
|
#PRINTER_NAME = 'DYMO_LabelWriter_450'
|
||||||
|
|
||||||
|
|
||||||
def _get_resource(filename):
|
def _get_resource(filename):
|
||||||
|
|
|
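Review bot: commenting out `PRINTER_NAME = 'DYMO_LabelWriter_450'` is unrelated to the cookie secret named in the commit message and belongs in its own commit. Rather than leaving the site-specific printer name behind as a comment, delete the line or move the value to a setting.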
@ -665,6 +665,16 @@ def run():
|
||||||
db_connector.add('users',
|
db_connector.add('users',
|
||||||
{'username': 'admin', 'password': utils.hash_password('eventman')})
|
{'username': 'admin', 'password': utils.hash_password('eventman')})
|
||||||
|
|
||||||
|
# If present, use the cookie_secret stored into the database.
|
||||||
|
cookie_secret = db_connector.query('settings', {'setting': 'server_cookie_secret'})
|
||||||
|
if cookie_secret:
|
||||||
|
cookie_secret = cookie_secret[0]['cookie_secret']
|
||||||
|
else:
|
||||||
|
# the salt guarantees its uniqueness
|
||||||
|
cookie_secret = utils.hash_password('__COOKIE_SECRET__')
|
||||||
|
db_connector.add('settings',
|
||||||
|
{'setting': 'server_cookie_secret', 'cookie_secret': cookie_secret})
|
||||||
|
|
||||||
_ws_handler = (r"/ws/+event/+(?P<event_id>\w+)/+updates/?", WebSocketEventUpdatesHandler)
|
_ws_handler = (r"/ws/+event/+(?P<event_id>\w+)/+updates/?", WebSocketEventUpdatesHandler)
|
||||||
_persons_path = r"/persons/?(?P<id_>\w+)?/?(?P<resource>\w+)?/?(?P<resource_id>\w+)?"
|
_persons_path = r"/persons/?(?P<id_>\w+)?/?(?P<resource>\w+)?/?(?P<resource_id>\w+)?"
|
||||||
_events_path = r"/events/?(?P<id_>\w+)?/?(?P<resource>\w+)?/?(?P<resource_id>\w+)?"
|
_events_path = r"/events/?(?P<id_>\w+)?/?(?P<resource>\w+)?/?(?P<resource_id>\w+)?"
|
||||||
|
|
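Review bot: in the `else:` branch the secret is built as `utils.hash_password('__COOKIE_SECRET__')`, so the input is a constant and, as the comment itself says, all of its unpredictability comes from the salt inside `hash_password`, whose length and source are not visible in this hunk. A cookie-signing key should be drawn directly from the OS random generator (for example 32 bytes from `os.urandom`, encoded for storage) instead of depending on a password-hashing helper. Also note that with the value kept in the `settings` collection, anyone who can read that collection obtains the signing key, so access to it should be restricted and a way to rotate the value documented.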