Commit d96741a2 authored by markus scheller's avatar markus scheller

Merge branch 'master' into 172-dokumentation-ueberarbeiten to prepare to role...

Merge branch 'master' into 172-dokumentation-ueberarbeiten to prepare to roll out the changes made to master
parents 58960040 bb2beb7b
[flake8]
ignore = E402,W503
......@@ -19,9 +19,17 @@ def anchor(func, cookie=cookie):
return result
def default_url(default, **url_args):
return url_for(default, **url_args)
def url(default=default_view, cookie=cookie, **url_args):
return session.get(cookie, url_for(default, **url_args))
return session.get(cookie, default_url(default, **url_args))
def redirect(default=default_view, cookie=cookie, **url_args):
return flask_redirect(url(default, cookie, **url_args))
print(request.url, request.url_rule, default, session.get(cookie))
target = url(default, cookie, **url_args)
if target == request.url:
target = default_url(default, **url_args)
return flask_redirect(target)
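Review bot: The `print(request.url, request.url_rule, default, session.get(cookie))` at the top of `redirect` looks like leftover debugging and writes the session-stored return URL to stdout on every redirect; it should be removed or replaced by a debug-level log call. Separately, the value read with `session.get(cookie, ...)` is passed to `flask_redirect` unchanged, so the function relies on the session only ever holding URLs of this application; `anchor`, which presumably stores it, is mostly outside the hunk, so a comment such as `# target is read from the session; it must only ever hold URLs of this application` would record that assumption. The `target == request.url` loop guard compares against an absolute URL, so it only works if the stored value is absolute as well.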
......@@ -25,6 +25,9 @@ CELERY_BROKER_URL = "redis://localhost:6379/0" # change this if you do not use r
CELERY_TASK_SERIALIZER = "pickle" # do not change
CELERY_ACCEPT_CONTENT = ["pickle"] # do not change
# Send exceptions to sentry (optional)
# SENTRY_DSN = "https://********:********@sentry.example.com//1"
# CUPS printserver (optional)
PRINTING_ACTIVE = True
PRINTING_SERVER = "printsrv.example.com:631"
......
from flask import request, flash, abort
from functools import wraps
from hmac import compare_digest
from models.database import ALL_MODELS
from shared import current_user
......@@ -97,8 +98,8 @@ def protect_csrf(function):
@wraps(function)
def _decorated_function(*args, **kwargs):
token = request.args.get("csrf_token")
if token != get_csrf_token():
print(token, get_csrf_token())
true_token = get_csrf_token()
if token is None or not compare_digest(token, true_token):
abort(400)
return function(*args, **kwargs)
return _decorated_function
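Review bot: `compare_digest(token, true_token)` raises `TypeError` when a `str` argument contains non-ASCII characters, and `token` comes straight from `request.args`, so a request with a non-ASCII `csrf_token` would surface as a 500 instead of the intended 400. Comparing bytes avoids that: `if token is None or not compare_digest(token.encode("utf-8"), true_token.encode("utf-8")):`, assuming `get_csrf_token()` returns a `str` (its definition is not on this page). With the Sentry hook added elsewhere in this commit, each such request would presumably also be reported as an application error.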
......@@ -376,7 +376,6 @@ class Protocol(DatabaseModel):
candidates = [
document for document in self.documents
if document.is_compiled
and (private is None or document.is_private == private)
]
private_candidates = [
document for document in candidates
......@@ -386,10 +385,14 @@ class Protocol(DatabaseModel):
document for document in candidates
if not document.is_private
]
if len(private_candidates) > 0:
return private_candidates[0]
elif len(public_candidates) > 0:
return public_candidates[0]
def _get_candidates():
if private is None or private:
return private_candidates + public_candidates
return public_candidates
candidates = _get_candidates()
if candidates:
return candidates[0]
return None
def get_template(self):
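Review bot: The meaning of `private` changes in this hunk and is not documented: with `private=True` the method now falls back to a public document when no private one is compiled, and with `private=None` private documents are still preferred over public ones. Callers that serve users without the private-view right presumably have to pass `private=False`, so the enclosing method (its signature is above the hunk) should get a docstring spelling out the three cases, e.g. `"""Return the first compiled document; private ones are considered unless private is False."""`. As a style point, the single-use inner `_get_candidates()` that rebinds `candidates` could be a plain conditional: `candidates = private_candidates + public_candidates if private is None or private else public_candidates`.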
......
......@@ -17,6 +17,7 @@ curtsies==0.3.0
enum-compat==0.0.2
eventlet==0.22.1
feedgen==0.6.1
flake8==3.5.0
Flask==0.12.2
Flask-Migrate==2.1.1
Flask-Script==2.0.6
......@@ -34,15 +35,18 @@ ldap3==2.4.1
lxml==4.1.1
Mako==1.0.7
MarkupSafe==1.0
mccabe==0.6.1
nose==1.3.7
packaging==16.8
pathtools==0.1.2
psycopg2==2.7.4
pyasn1==0.4.2
pycodestyle==2.3.1
pyflakes==1.6.0
Pygments==2.2.0
pyldap==2.4.45
pyparsing==2.2.0
python-dateutil==2.6.1
python-dateutil==2.7.0
python-editor==1.0.3
python-engineio==2.0.2
python-Levenshtein==0.12.0
......@@ -50,6 +54,7 @@ python-pam==1.8.2
python-socketio==1.8.4
pytz==2018.3
PyYAML==3.12
raven==6.6.0
redis==2.10.6
regex==2018.2.8
requests==2.18.4
......
......@@ -31,7 +31,7 @@ from shared import (
from utils import (
get_first_unused_int, get_etherpad_text, split_terms, optional_int_arg,
fancy_join, footnote_hash, get_git_revision, get_max_page_length_exp,
get_internal_filename, get_csrf_token)
get_internal_filename, get_csrf_token, get_current_ip)
from decorators import (
db_lookup, protect_csrf,
require_private_view_right, require_modify_right, require_publish_right,
......@@ -64,10 +64,37 @@ migrate = Migrate(app, db)
manager = Manager(app)
manager.add_command("db", MigrateCommand)
try:
from raven.contrib.flask import Sentry
sentry = Sentry(app, dsn=config.SENTRY_DSN)
def get_user_info(request):
return {
"is_authenticated": check_login(),
"ip_address": get_current_ip(),
"release": get_git_revision(),
}
sentry.get_user_info = get_user_info
except ModuleNotFoundError:
print("Raven not installed. Not sending issues to Sentry.")
except AttributeError:
print("DSN not configured. Not sending issues to Sentry.")
def make_celery(app, config):
celery = Celery(app.import_name, broker=config.CELERY_BROKER_URL)
celery.conf.update(app.config)
try:
from raven import Client as RavenClient
from raven.contrib.celery import (
register_signal, register_logger_signal)
raven_client = RavenClient(config.SENTRY_DSN)
register_logger_signal(raven_client)
register_signal(raven_client)
except ModuleNotFoundError:
print("Raven not installed. Not sending celery issues to Sentry.")
except AttributeError:
print("DSN not configured. Not sending celery issues to Sentry.")
return celery
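Review bot: Both `try` blocks catch `AttributeError` around the whole Sentry setup, so an `AttributeError` raised inside `Sentry(...)`, `RavenClient(...)` or the signal registration would be printed as "DSN not configured" and error reporting would stay off without anyone noticing. Reading the setting first narrows that: `dsn = getattr(config, "SENTRY_DSN", None)`, then run the raven setup only when `dsn` is set and keep just the `ModuleNotFoundError` handler. `get_user_info` also attaches the client IP from `get_current_ip()` to every event; a short comment stating that IP addresses are sent to the Sentry server would help operators judge the privacy impact. Since that helper parses a request header, it should not be able to raise from inside the error reporter.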
......
......@@ -2,16 +2,6 @@
{% from "macros.html" import render_table, render_form %}
{% block title %}Beschlüsse{% endblock %}
{% macro page_link(text, _page=None, _page_length=None) %}
{% if _page is none %}
{% set _page = page %}
{% endif %}
{% if _page_length is none %}
{% set _page_length = page_length %}
{% endif %}
<a href="{{url_for(request.endpoint, page=_page, protocoltype_id=protocoltype_id, search=search_term, decisioncategory_id=decisioncategory_id, page_length=_page_length)}}">{{text}}</a>
{% endmacro %}
{% block content %}
<div class="container">
{{render_form(search_form, class_="form-inline", action_url=url_for("list_decisions"), action_text="Suchen", labels_visible=False, method="GET")}}
......
......@@ -165,6 +165,18 @@ to not render a label for the CRSFTokenField -->
</table>
{%- endmacro %}
{% macro page_link(text, _page=None, _page_length=None) -%}
{% set args = request.view_args.copy() %}
{% set _ = args.update(request.args) %}
{% if _page is not none %}
{% set _ = args.update({"page": _page}) %}
{% endif %}
{% if _page_length is not none %}
{% set _ = args.update({"page_length": _page_length}) %}
{% endif %}
<a href="{{url_for(request.endpoint, **args)}}">{{text}}</a>
{%- endmacro %}
{% macro render_likes(likes) -%}
{% set timestamp = now() %}
{% if timestamp.month == 4 and timestamp.day == 1 %}
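Review bot: `page_link` copies every key of `request.args` into `args` and expands it with `url_for(request.endpoint, **args)`, so names taken from the current query string become keyword arguments of `url_for`. A query key named `endpoint` collides with the positional argument, and keys that `url_for` reserves as options (`_external`, `_scheme`, `_anchor`, `_method`) change how the link is built or make the call raise, so a request with such a parameter can end in a 500. Copying only the parameters the list views use would avoid this, for example `{% for key in ["page", "page_length", "search", "protocoltype_id", "decisioncategory_id", "state_open"] if key in request.args %}{% set _ = args.update({key: request.args[key]}) %}{% endfor %}` (names taken from the three per-template macros this commit removes). The query string also overrides `request.view_args` because it is applied second; swapping the two updates would keep route variables authoritative.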
......
{% from "macros.html" import page_link %}
<div class="centered">
{% if page > page_diff %}
{{page_link("<<", _page=0)}}
......
......@@ -51,7 +51,7 @@
{% endif %}
{% if has_admin_right %}
<a class="btn btn-default" href="{{url_for("recompile_protocol", protocol_id=protocol.id, csrf_token=get_csrf_token())}}">Neu kompilieren</a>
<a class="btn btn-danger" href="{{url_for("delete_protocol", protocol_id=protocol.id)}}" onclick="return confirm('Bist du dir sicher, dass du das Protokoll {{protocol.get_short_identifier()}} löschen möchtest?');">Löschen</a>
<a class="btn btn-danger" href="{{url_for("delete_protocol", protocol_id=protocol.id, csrf_token=get_csrf_token())}}" onclick="return confirm('Bist du dir sicher, dass du das Protokoll {{protocol.get_short_identifier()}} löschen möchtest?');">Löschen</a>
{% endif %}
{% endif %}
</div>
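Review bot: The delete link now carries `csrf_token` in the query string of a GET request, which puts the token into browser history, server access logs and `Referer` headers, and keeps a destructive action reachable through a plain link. A small POST form with the token in a hidden field would avoid that, with `protect_csrf` reading `request.form` as well as `request.args`; that decorator and the `delete_protocol` view are outside this section. The same applies to the `url_for("delete_protocol", ..., csrf_token=get_csrf_token())` button added in the `ProtocolsTable` hunk and to the existing `recompile_protocol` link on the line above.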
......
......@@ -2,18 +2,6 @@
{% from "macros.html" import render_table, render_form %}
{% block title %}Protokolle{% endblock %}
{% macro page_link(text, _page=None, _page_length=None) %}
{% if _page is none %}
{% set _page = page %}
{% endif %}
{% if _page_length is none %}
{% set _page_length = page_length %}
{% endif %}
<a href="{{url_for(request.endpoint, page=_page, protocoltype_id=protocoltype_id, search=search_term, state_open=state_open, page_length=_page_length)}}">{{text}}</a>
{% endmacro %}
{% block content %}
<div class="container">
{{render_form(search_form, class_="form-inline", action_url=url_for("list_protocols"), action_text="Suchen", labels_visible=False, method="GET")}}
......
......@@ -2,16 +2,6 @@
{% from "macros.html" import render_table, render_form %}
{% block title %}Todos{% endblock %}
{% macro page_link(text, _page=None, _page_length=None) %}
{% if _page is none %}
{% set _page = page %}
{% endif %}
{% if _page_length is none %}
{% set _page_length = page_length %}
{% endif %}
<a href="{{url_for(request.endpoint, page=_page, protocoltype_id=protocoltype_id, search=search_term, state_open=state_open, page_length=_page_length)}}">{{text}}</a>
{% endmacro %}
{% block content %}
<div class="container">
{{render_form(search_form, class_="form-inline", action_url=url_for("list_todos"), action_text="Suchen", labels_visible=False, method="GET")}}
......
......@@ -193,11 +193,16 @@ def add_line_numbers(text):
return "\n".join(lines)
def check_ip_in_networks(networks_string):
def get_current_ip():
address = ipaddress.ip_address(request.remote_addr)
if (address == ipaddress.ip_address("127.0.0.1")
and "X-Real-Ip" in request.headers):
address = ipaddress.ip_address(request.headers["X-Real-Ip"])
return address
def check_ip_in_networks(networks_string):
address = get_current_ip()
try:
for network_string in networks_string.split(","):
network = ipaddress.ip_network(network_string.strip())
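Review bot: `get_current_ip()` has no docstring stating its trust rule, although it is now shared by the network check and the Sentry user info. `X-Real-Ip` is honoured only when the peer is `127.0.0.1`, which assumes the reverse proxy is the only local client and connects over IPv4; a comment such as `# trust X-Real-Ip only from the local reverse proxy; anything else on localhost can set it` would make that explicit. `ipaddress.ip_address(request.headers["X-Real-Ip"])` raises `ValueError` on a malformed header, and in `check_ip_in_networks` the call sits before the `try:`, so falling back to the socket address in that case may be worth adding. The rest of `check_ip_in_networks` lies outside the hunk.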
......
......@@ -144,7 +144,9 @@ class ProtocolsTable(Table):
if protocol.protocoltype.has_admin_right(user):
buttons.append(Table.button(
url_for("delete_protocol", protocol_id=protocol.id),
url_for(
"delete_protocol", protocol_id=protocol.id,
csrf_token=get_csrf_token()),
icon="trash",
style="danger",
confirm="Bist du dir sicher, dass du das Protokoll {} "
......