From fe69670f1905ba7b663114cfab9402ba29638916 Mon Sep 17 00:00:00 2001 From: Phuoc CAO Date: Fri, 9 Dec 2022 10:53:57 +0100 Subject: [PATCH] added forbidden_view_config on login.jinja2 --- cao_blogr.sqlite | Bin 28672 -> 28672 bytes cao_blogr/alembic/env.py | 2 +- .../alembic/versions/20221208_7cfe6f79c819.py | 28 ++++++++++++++++ .../alembic/versions/20221208_86d2844ace15.py | 26 +++++++++++++++ .../alembic/versions/20221208_b6095fa68edc.py | 26 +++++++++++++++ cao_blogr/templates/login.jinja2 | 2 +- cao_blogr/views/default.py | 30 ++++++++++++------ setup.py | 4 +-- 8 files changed, 105 insertions(+), 13 deletions(-) create mode 100644 cao_blogr/alembic/versions/20221208_7cfe6f79c819.py create mode 100644 cao_blogr/alembic/versions/20221208_86d2844ace15.py create mode 100644 cao_blogr/alembic/versions/20221208_b6095fa68edc.py diff --git a/cao_blogr.sqlite b/cao_blogr.sqlite index 4f6e422876b6264f85fa4bd72453d4a3835d9b22..97fdc7d86e9748374d7d4df9e0ed0bee71974ff3 100644 GIT binary patch delta 439 zcmZp8z}WDBae}m<6$1kUI}pPF=R_T2Nh=0Di4(j$=NQiwCHj-sNIQz!p7o;A7NQgd^bsR1J&FPEbW2=a3Aa_K5eHncX{ ze9r7Sqo|>gu7QPup^24|k(H5wp0Rme) zCZ>Ak24*HErhMECq70HiHD#&A1*t_UW-7q2Xq01uX|#)<#l9J=Kyq?i>_EZgC!Uy|Bs!vC_w-KWTbYo delta 333 zcmZp8z}WDBae}mNnHj#i4(lMFBsUk*D&z&^6%tc!*`G89Pi%E zf&wPoo7ZqFF|st~u(EHy#G@?Cos^iIl4@*fWNebMN#QHMBod#OZw>=9%S;BAnfwmC zi#ImPFm2W{@?e^L-dIUExg@`+auPcuH-mbAprfOx=w$uP4JMx%H`kjbLHi1lw)CI zkZi1VoO~i~CWj0&8-pl_lNCRWvr(3jjX@m5+ZWR$2QuAE!NAbN yQI-j+q$GBhhPJr4V`55fW*(R@GB7gI1?n<11?e(1w=y!+voJQbG%{F}AOHZ>G*+wt diff --git a/cao_blogr/alembic/env.py b/cao_blogr/alembic/env.py index 9546957..cfbc519 100644 --- a/cao_blogr/alembic/env.py +++ b/cao_blogr/alembic/env.py @@ -3,7 +3,7 @@ from alembic import context from pyramid.paster import get_appsettings, setup_logging from sqlalchemy import engine_from_config -from pyramid_blogr.models.meta import Base +from cao_blogr.models.meta import Base config = context.config 
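Review bot: The `cao_blogr.sqlite` binary hunk shows the application's database file being tracked and updated in the repository. The migrations in this same patch alter a `users` table and the login view verifies passwords against it, so the file presumably holds user names, group assignments and password hashes, which then stay in history for everyone with read access. Consider taking it out of version control (`git rm --cached cao_blogr.sqlite` plus an ignore rule) and creating the database from the Alembic migrations instead. Any credentials already committed should be treated as exposed.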
diff --git a/cao_blogr/alembic/versions/20221208_7cfe6f79c819.py b/cao_blogr/alembic/versions/20221208_7cfe6f79c819.py
new file mode 100644
index 0000000..15e047b
--- /dev/null
+++ b/cao_blogr/alembic/versions/20221208_7cfe6f79c819.py
@@ -0,0 +1,28 @@
+"""init
+
+Revision ID: 7cfe6f79c819
+Revises: b6095fa68edc
+Create Date: 2022-12-08 16:30:41.529957
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '7cfe6f79c819'
+down_revision = 'b6095fa68edc'
+branch_labels = None
+depends_on = None
+
+def upgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.add_column('users', sa.Column('groups', sa.Unicode(), nullable=True))
+ op.drop_column('users', 'group')
+ # ### end Alembic commands ###
+
+def downgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.add_column('users', sa.Column('group', sa.VARCHAR(), nullable=True))
+ op.drop_column('users', 'groups')
+ # ### end Alembic commands ###
diff --git a/cao_blogr/alembic/versions/20221208_86d2844ace15.py b/cao_blogr/alembic/versions/20221208_86d2844ace15.py
new file mode 100644
index 0000000..8b46a8e
--- /dev/null
+++ b/cao_blogr/alembic/versions/20221208_86d2844ace15.py
@@ -0,0 +1,26 @@
+"""init
+
+Revision ID: 86d2844ace15
+Revises: bbacde35234d
+Create Date: 2022-12-08 15:53:57.291157
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '86d2844ace15'
+down_revision = 'bbacde35234d'
+branch_labels = None
+depends_on = None
+
+def upgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.add_column('users', sa.Column('group', sa.Unicode(), nullable=True))
+ # ### end Alembic commands ###
+
+def downgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.drop_column('users', 'group')
+ # ### end Alembic commands ###
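Review bot: In `20221208_7cfe6f79c819.py`, `upgrade()` renames `users.group` to `users.groups` by adding the new column and dropping the old one, so every value already stored in `group` is lost, and `downgrade()` loses `groups` the same way. If that column feeds the `manage` permission check, which is not visible here, existing accounts silently lose their group when the migration runs. A rename keeps the data: `with op.batch_alter_table('users') as batch_op:` followed by `batch_op.alter_column('group', new_column_name='groups')`, mirrored in `downgrade()`. The autogenerated block is marked "please adjust" for exactly this kind of case.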
diff --git a/cao_blogr/alembic/versions/20221208_b6095fa68edc.py b/cao_blogr/alembic/versions/20221208_b6095fa68edc.py
new file mode 100644
index 0000000..0c33480
--- /dev/null
+++ b/cao_blogr/alembic/versions/20221208_b6095fa68edc.py
@@ -0,0 +1,26 @@
+"""init
+
+Revision ID: b6095fa68edc
+Revises: 86d2844ace15
+Create Date: 2022-12-08 16:22:49.206993
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'b6095fa68edc'
+down_revision = '86d2844ace15'
+branch_labels = None
+depends_on = None
+
+def upgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ pass
+ # ### end Alembic commands ###
+
+def downgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ pass
+ # ### end Alembic commands ###
diff --git a/cao_blogr/templates/login.jinja2 b/cao_blogr/templates/login.jinja2
index 62fef50..704dc22 100644
--- a/cao_blogr/templates/login.jinja2
+++ b/cao_blogr/templates/login.jinja2
@@ -5,7 +5,7 @@
-
+

Se connecter

diff --git a/cao_blogr/views/default.py b/cao_blogr/views/default.py
index 38325a9..352b157 100644
--- a/cao_blogr/views/default.py
+++ b/cao_blogr/views/default.py
@@ -1,4 +1,7 @@
-from pyramid.view import view_config
+from pyramid.view import (
+ view_config,
+ forbidden_view_config,
+)
 from pyramid.httpexceptions import HTTPFound
 from pyramid.security import remember, forget
 from ..services.user import UserService
@@ -27,23 +30,33 @@ def apropos(request):
 }
-@view_config(route_name='login',
- renderer='cao_blogr:templates/login.jinja2')
+@view_config(route_name='login', renderer='cao_blogr:templates/login.jinja2')
+@forbidden_view_config(renderer='cao_blogr:templates/login.jinja2')
 def login(request):
- username = request.POST.get('username')
+ username = ''
+ login_url = request.route_url('login')
+
+ referrer = request.url
+ if referrer == login_url:
+ referrer = '/' # never use the login form itself as came_from
+ came_from = request.params.get('came_from', referrer)
+ username = request.POST.get('username')
+ userpwd = request.POST.get('password')
 if username:
 user = UserService.by_name(request, username)
- if user and user.verify_password(request.POST.get('password')):
- headers = remember(request, user.name)
+ if user and user.verify_password(userpwd):
+ headers = remember(request, username)
 request.session.flash("Bienvenue %s !" % username, 'success')
- return HTTPFound(location=request.route_url('home'), headers=headers)
+ return HTTPFound(location=came_from, headers=headers)
 else:
 headers = forget(request)
 request.session.flash("Login et mot de passe invalides. La connexion a échoué.", "danger")
 return {
 'page_title': "",
+ 'came_from': came_from,
+ 'login_url': login_url,
 }
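Review bot: In the `login` hunk, `came_from` is read from `request.params` and passed unchecked to `HTTPFound(location=came_from, ...)`, so a login link carrying an external `came_from` value sends the user to another site right after a successful sign-in (open redirect). The value should be resolved against the current request and accepted only when it stays on the same scheme and host, falling back to the `home` route otherwise; the sketch below needs `urljoin` and `urlparse` from `urllib.parse` imported at the top of the file and is a minimum check, not a full URL policy. Separately, `remember(request, username)` now stores the submitted string instead of `user.name`; if `UserService.by_name` matches loosely (not visible here), the remembered identity can differ from the stored one, so `user.name` is the safer argument.

```python
    came_from = request.params.get('came_from', referrer)
    # Redirect only inside this application: resolve the value against the
    # current request and require the same scheme and host. Backslashes and
    # control characters are refused because browsers may rewrite them.
    target = urlparse(urljoin(request.url, came_from))
    same_origin = '%s://%s' % (target.scheme, target.netloc) == request.host_url
    if not same_origin or any(ch in came_from for ch in '\\\t\r\n'):
        came_from = request.route_url('home')
    # … unchanged: credential check, remember(), flash message and redirect …
```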
@@ -54,8 +67,7 @@ def logout(request):
 return HTTPFound(location=request.route_url('home'), headers=headers)
-@view_config(route_name='users',
- renderer='cao_blogr:templates/users.jinja2', permission='manage')
+@view_config(route_name='users', renderer='cao_blogr:templates/users.jinja2', permission='manage')
 def users(request):
 # get all users
 users = UserService.all(request)
diff --git a/setup.py b/setup.py
index 83a152c..8b2525b 100644
--- a/setup.py
+++ b/setup.py
@@ -20,8 +20,8 @@ requires = [
 'SQLAlchemy',
 'transaction',
 'zope.sqlalchemy',
- 'wtforms==2.2.1', # form library
- 'webhelpers2==2.0', # various web building related helpers
+ 'wtforms', # form library 2.2.1
+ 'webhelpers2', # various web building related helpers 2.0
 'passlib',
 'markdown2',
 ]
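Review bot: Dropping the `==` pins in the `setup.py` hunk leaves `wtforms` and `webhelpers2` unbounded, and the tested versions survive only as comments, so a fresh install resolves to whatever release is newest at that moment. Builds stop being reproducible, and a later major release or a compromised upload can reach deployments without any change in this repository. If the exact pins were too strict, a bounded range records the intent, e.g. `'wtforms>=2.2.1,<3',` and `'webhelpers2>=2.0,<3',`, with exact versions locked in a requirements or constraints file. The `requires` list starts outside the hunk, so the other entries were not checked.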