From c3bde999c113b2b060e16659c47c2bcb7f8d7e5d Mon Sep 17 00:00:00 2001 From: Wookey Date: Tue, 2 Jul 2013 00:47:42 +0100 Subject: [PATCH 1/5] Don't explode if a master survex file is not found for a directory - that shouldn't cause total failure to read the database in. --- core/views_survex.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/views_survex.py b/core/views_survex.py index 95bdc70..cf3b556 100644 --- a/core/views_survex.py +++ b/core/views_survex.py @@ -245,7 +245,7 @@ def identifycavedircontents(gcavedir): else: assert re.match(".*?(?:.3d|.log|.err|.txt|.tmp|.diff|.e?spec|~)$", f), (gcavedir, f) subsvx.sort() - assert primesvx, (gcavedir, subsvx) + #assert primesvx, (gcavedir, subsvx) if primesvx: subsvx.insert(0, primesvx) return subdirs, subsvx From ca1a1dfb973f3dc7c522dfa39bd84ecba6d8b344 Mon Sep 17 00:00:00 2001 From: Wookey Date: Tue, 2 Jul 2013 00:49:07 +0100 Subject: [PATCH 2/5] parsing_log should not be saved in the vcs --- .hgignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.hgignore b/.hgignore index 891aae3..ad091eb 100644 --- a/.hgignore +++ b/.hgignore @@ -5,3 +5,4 @@ syntax: glob db* localsettings.py *~ +parsing_log.txt From ed13cca2613be9aa5b708ead5efb6f9c9075f93c Mon Sep 17 00:00:00 2001 From: Wookey Date: Tue, 2 Jul 2013 18:10:45 +0100 Subject: [PATCH 3/5] Add CSRF protection to registration form (and remove annoying second password) --- registration/forms.py | 13 +++++-------- registration/views.py | 17 +++++++++++++---- templates/registration/registration_form.html | 11 +---------- 3 files changed, 19 insertions(+), 22 deletions(-) diff --git a/registration/forms.py b/registration/forms.py index 2f591d4..9b68279 100644 --- a/registration/forms.py +++ b/registration/forms.py 
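Review bot: In the core/views_survex.py hunk the assert is disabled by commenting it out, which leaves dead code and no trace when a directory has no master survex file. The `if primesvx:` guard on the next line already handles the empty case, so the line can be deleted and replaced with a short why-comment such as `# a directory without a master .svx is tolerated; callers get subsvx without a primary entry`. If the module has a logger available (not visible here), a warning naming `gcavedir` would keep the condition diagnosable. The body of identifycavedircontents starts outside the hunk.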
@@ -15,15 +15,15 @@ from registration.models import RegistrationProfile # on them with CSS or JavaScript if they have a class of "required" # in the HTML. Your mileage may vary. If/when Django ticket #3515 # lands in trunk, this will no longer be necessary. -attrs_dict = { 'class': 'required' } +# This was fixed in 2007, so I guess we don't need this any more. [W] +#attrs_dict = { 'class': 'required' } class RegistrationForm(forms.Form): """ Form for registering a new user account. - Validates that the requested username is not already in use, and - requires the password to be entered twice to catch typos. + Validates that the requested username is not already in use. Subclasses should feel free to add any additional validation they need, but should either preserve the base ``save()`` or implement @@ -39,8 +39,7 @@ class RegistrationForm(forms.Form): label=_(u'email address')) password1 = forms.CharField(widget=forms.PasswordInput(attrs=attrs_dict, render_value=False), label=_(u'password')) - password2 = forms.CharField(widget=forms.PasswordInput(attrs=attrs_dict, render_value=False), - label=_(u'password (again)')) + def clean_username(self): """ @@ -62,9 +61,7 @@ class RegistrationForm(forms.Form): field. """ - if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data: - if self.cleaned_data['password1'] != self.cleaned_data['password2']: - raise forms.ValidationError(_(u'You must type the same password each time')) + if 'password1' in self.cleaned_data: if len(self.cleaned_data['password1']) < 6: raise forms.ValidationError(_(u'Your password must be at least 6 characters')) return self.cleaned_data diff --git a/registration/views.py b/registration/views.py index 2d4373a..9603b56 100644 --- a/registration/views.py +++ b/registration/views.py 
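Review bot: The first registration/forms.py hunk comments out `attrs_dict`, but the context of the `@@ -39,8 +39,7 @@` hunk still builds the password widget with `forms.PasswordInput(attrs=attrs_dict, render_value=False)`. The class body will therefore raise NameError as soon as the module is imported, and the registration form cannot load. Either keep the definition, `attrs_dict = {'class': 'required'}`, or drop `attrs=attrs_dict` from every widget in RegistrationForm. The username and email fields are outside the hunk and presumably use it too.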
@@ -11,7 +11,9 @@ from django.http import HttpResponseRedirect from django.shortcuts import render_to_response from django.template import RequestContext from django.contrib.auth import login - +#Add CSRF protection: +from django.core.context_processors import csrf +from django.shortcuts import render_to_response from registration.forms import RegistrationForm from registration.models import RegistrationProfile @@ -64,7 +66,10 @@ def activate(request, activation_key, """ - + # Generate CSRF token + c = {} + c.update(csrf(request)) + activation_key = activation_key.lower() # Normalize before trying anything with it. account = RegistrationProfile.objects.activate_user(activation_key) try: @@ -79,7 +84,7 @@ def activate(request, activation_key, return render_to_response(template_name, { 'account': account, 'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings}, - context_instance=context) + context_instance=context, c) def register(request, success_url=None, @@ -140,6 +145,10 @@ def register(request, success_url=None, argument. """ + # Generate CSRF token + c = {} + c.update(csrf(request)) + if request.method == 'POST': form = form_class(data=request.POST, files=request.FILES) if form.is_valid(): @@ -160,4 +169,4 @@ def register(request, success_url=None, context[key] = callable(value) and value() or value return render_to_response(template_name, { 'form': form,'settings':settings }, - context_instance=context) + context_instance=context, c) diff --git a/templates/registration/registration_form.html b/templates/registration/registration_form.html index 5720a8b..f82c6cb 100644 --- a/templates/registration/registration_form.html +++ b/templates/registration/registration_form.html @@ -9,7 +9,7 @@ registration_form.html | {{ block.super }} {% endblock %} {% block content %} -
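Review bot: Both changed `render_to_response` calls in registration/views.py (the `@@ -79,7 +84,7 @@` and `@@ -160,4 +169,4 @@` hunks) end with `context_instance=context, c)`, a positional argument after a keyword argument. Python rejects this as a SyntaxError, so the module will not import and neither `activate` nor `register` can run. If the token dict is wanted, merge it into the template dictionary: `c.update({'form': form, 'settings': settings})` followed by `return render_to_response(template_name, c, context_instance=context)`. If `context` is the RequestContext imported at the top of the file, Django 1.2 and later should already supply the token to `{% csrf_token %}`, so `c` and the new `csrf` import could simply be dropped. The construction of `context` is outside the hunks, so confirm this first.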
+{% csrf_token %} {% for error in form.non_field_errors %} {{ error }} {% endfor %} @@ -41,15 +41,6 @@ registration_form.html | {{ block.super }} {% endfor %} - - Password (again): - - {{ form.password2 }}
- {% for error in form.password2.errors %} - {{ error }} - {% endfor %} - -   From 6adcadb97c5cc8c33d218cd3532a17e5f802884d Mon Sep 17 00:00:00 2001 From: Wookey Date: Tue, 2 Jul 2013 18:12:18 +0100 Subject: [PATCH 4/5] Remove support for django 1.0 CSRF as we only care about 1.2 or later --- settings.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/settings.py b/settings.py index 5e8ba64..1d2d423 100644 --- a/settings.py +++ b/settings.py @@ -61,17 +61,12 @@ TEMPLATE_CONTEXT_PROCESSORS = ( "django.core.context_processors.auth", "core.con LOGIN_REDIRECT_URL = '/' -if django.VERSION[0] >=1 and django.VERSION[1] > 1: - csrfmiddleware = 'django.middleware.csrf.CsrfViewMiddleware' -else: - csrfmiddleware = 'django.contrib.csrf.middleware.CsrfMiddleware' - MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.redirects.middleware.RedirectFallbackMiddleware', - csrfmiddleware, + 'django.middleware.csrf.CsrfViewMiddleware', 'troggle.middleware.SmartAppendSlashMiddleware' ) From 1471abeda79002a69f325f45625ec9feb6be06f2 Mon Sep 17 00:00:00 2001 From: Wookey Date: Tue, 2 Jul 2013 18:13:27 +0100 Subject: [PATCH 5/5] Change database syntax to modern format as old style no longer supported in django 1.4 --- databaseReset.py | 14 +++++++------- localsettingsserver.py | 16 ++++++++++------ localsettingsubuntu.py | 26 +++++++++++++++----------- localsettingswindows.py | 16 ++++++++++------ 4 files changed, 42 insertions(+), 30 deletions(-) diff --git a/databaseReset.py b/databaseReset.py index 9ba336c..a14a44d 100644 --- a/databaseReset.py +++ b/databaseReset.py 
@@ -11,20 +11,20 @@ from django.core.urlresolvers import reverse from core.models import Cave, Entrance import flatpages.models - +databasename=settings.DATABASES['default']['NAME'] def reload_db(): - if settings.DATABASE_ENGINE == 'sqlite3': + if settings.DATABASES['default']['ENGINE'] == 'django.db.backends.sqlite3': try: - os.remove(settings.DATABASE_NAME) + os.remove(databasename) except OSError: pass else: cursor = connection.cursor() - cursor.execute("DROP DATABASE %s" % settings.DATABASE_NAME) - cursor.execute("CREATE DATABASE %s" % settings.DATABASE_NAME) - cursor.execute("ALTER DATABASE %s CHARACTER SET=utf8" % settings.DATABASE_NAME) - cursor.execute("USE %s" % settings.DATABASE_NAME) + cursor.execute("DROP DATABASE %s" % databasename) + cursor.execute("CREATE DATABASE %s" % databasename) + cursor.execute("ALTER DATABASE %s CHARACTER SET=utf8" % databasename) + cursor.execute("USE %s" % databasename) management.call_command('syncdb', interactive=False) user = User.objects.create_user('expo', 'goatchurch@gmail.com', 'gosser') user.is_staff = True diff --git a/localsettingsserver.py b/localsettingsserver.py index fd59ea6..1123f04 100644 --- a/localsettingsserver.py +++ b/localsettingsserver.py 
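Review bot: The new `cursor.execute("DROP DATABASE %s" % databasename)` line and the three statements after it splice the database name into DDL unquoted. The value comes from settings rather than a request, so injection risk is low, but a name containing a hyphen or other special character will break or change the statement. Identifiers cannot be bound as query parameters, so quote the name instead: `cursor.execute("DROP DATABASE %s" % connection.ops.quote_name(databasename))`, and likewise for CREATE, ALTER and USE. `databasename` is also read at import time, so a settings module without a 'default' entry fails on import rather than inside `reload_db`. The body of `reload_db` continues past the end of the hunk.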
@@ -1,12 +1,16 @@ import sys sys.path.append("/home/expo/troggle") -DATABASE_ENGINE = 'mysql' # 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'. -DATABASE_NAME = 'troggle' # Or path to database file if using sqlite3. -DATABASE_USER = 'undemocracy' # Not used with sqlite3. -DATABASE_PASSWORD = 'aiGohsh5' # Not used with sqlite3. -DATABASE_HOST = '' # Set to empty string for localhost. Not used with sqlite3. -DATABASE_PORT = '' # Set to empty string for default. Not used with sqlite3. +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.mysql', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'. + 'NAME': 'troggle', # Or path to database file if using sqlite3. + 'USER': 'expo', # Not used with sqlite3. + 'PASSWORD': 'gosser', # Not used with sqlite3. + 'HOST': '', # Set to empty string for localhost. Not used with sqlite3. + 'PORT': '', # Set to empty string for default. Not used with sqlite3. + } +} REPOS_ROOT_PATH = '/home/expo/' sys.path.append(REPOS_ROOT_PATH) diff --git a/localsettingsubuntu.py b/localsettingsubuntu.py index 420d06a..5a1f944 100644 --- a/localsettingsubuntu.py +++ b/localsettingsubuntu.py 
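Review bot: This localsettingsserver.py hunk changes the USER and PASSWORD values as well as the setting syntax, which the commit message does not mention. The localsettingswindows.py hunk does the same, going from empty strings to a MySQL engine with the same account. The database password is committed in plaintext in all three tracked localsettings files, and the same literal is used for the staff account created in databaseReset.py. The replaced server password stays readable in history and should be treated as exposed and rotated. The .hgignore context in this series already excludes localsettings.py, so the tracked templates could read the secret at runtime, for example `'PASSWORD': os.environ['TROGGLE_DB_PASSWORD'],` (placeholder variable name, needs `import os`).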
@@ -1,12 +1,16 @@ import sys # link localsettings to this file for use on expo computer in austria -DATABASE_ENGINE = 'mysql' # 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'. -DATABASE_NAME = 'troggle' # Or path to database file if using sqlite3. -DATABASE_USER = 'expo' # Not used with sqlite3. -DATABASE_PASSWORD = 'gosser' # Not used with sqlite3. -DATABASE_HOST = '' # Set to empty string for localhost. Not used with sqlite3. -DATABASE_PORT = '' # Set to empty string for default. Not used with sqlite3. +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.mysql', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'. + 'NAME': 'troggle', # Or path to database file if using sqlite3. + 'USER': 'expo', # Not used with sqlite3. + 'PASSWORD': 'gosser', # Not used with sqlite3. + 'HOST': '', # Set to empty string for localhost. Not used with sqlite3. + 'PORT': '', # Set to empty string for default. Not used with sqlite3. + } +} REPOS_ROOT_PATH = '/home/expo/expofiles/' @@ -21,12 +25,12 @@ TUNNEL_DATA = REPOS_ROOT_PATH + 'tunneldata/' CAVERN = 'cavern' THREEDTOPOS = '3dtopos' EXPOWEB = REPOS_ROOT_PATH + 'expoweb/' -SURVEYS = '/home/expo/' +SURVEYS = REPOS_ROOT_PATH SURVEY_SCANS = REPOS_ROOT_PATH + 'expoimages/' FILES = REPOS_ROOT_PATH + 'expoimages' -PYTHON_PATH = '/home/expo/expofiles/troggle/' +PYTHON_PATH = REPOS_ROOT_PATH + 'hg/troggle/' #URL_ROOT = 'http://127.0.0.1:8000' URL_ROOT = "http://expoweb/" 
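Review bot: The `@@ -21,12 +25,12 @@` hunk of localsettingsubuntu.py changes path values rather than only how they are written: `SURVEYS` moves from '/home/expo/' to '/home/expo/expofiles/', and `PYTHON_PATH` moves from '.../expofiles/troggle/' to '.../expofiles/hg/troggle/'. Nothing in the commit message covers this. In the following `@@ -36,17 +40,17 @@` hunk, `MEDIA_ROOT = REPOS_ROOT_PATH + '/troggle/media/'` produces a double slash because REPOS_ROOT_PATH already ends in '/'. It also stays under 'troggle/', while TEMPLATE_DIRS and LOGFILE now follow PYTHON_PATH into 'hg/troggle/'. If the media directory lives in the same checkout, `MEDIA_ROOT = PYTHON_PATH + 'media/'` keeps the three consistent. Otherwise drop the leading slash and note in a comment why it differs.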
@@ -36,17 +40,17 @@ EXPOWEB_URL = '/' SURVEYS_URL = '/survey_scans/' MEDIA_URL = URL_ROOT + DIR_ROOT + '/site_media/' -MEDIA_ROOT = '/home/expo/expofiles/troggle/media/' +MEDIA_ROOT = REPOS_ROOT_PATH + '/troggle/media/' MEDIA_ADMIN_DIR = '/usr/lib/python2.4/site-packages/django/contrib/admin/media/' TINY_MCE_MEDIA_ROOT = '/usr/share/tinymce/www/' TINY_MCE_MEDIA_URL = URL_ROOT + DIR_ROOT + '/tinymce_media/' TEMPLATE_DIRS = ( - "/home/expo/expofiles/troggle/templates", + PYTHON_PATH + "templates", # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates". # Always use forward slashes, even on Windows. # Don't forget to use absolute paths, not relative paths. ) -LOGFILE = '/home/expo/expofiles/troggle/parsing_log.txt' +LOGFILE = PYTHON_PATH + 'parsing_log.txt' diff --git a/localsettingswindows.py b/localsettingswindows.py index c9f67e4..578b152 100644 --- a/localsettingswindows.py +++ b/localsettingswindows.py @@ -1,9 +1,13 @@ -DATABASE_ENGINE = '' # 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'. -DATABASE_NAME = '' # Or path to database file if using sqlite3. -DATABASE_USER = '' # Not used with sqlite3. -DATABASE_PASSWORD = '' # Not used with sqlite3. -DATABASE_HOST = '' # Set to empty string for localhost. Not used with sqlite3. -DATABASE_PORT = '' # Set to empty string for default. Not used with sqlite3. +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.mysql', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'. + 'NAME': 'troggle', # Or path to database file if using sqlite3. + 'USER': 'expo', # Not used with sqlite3. + 'PASSWORD': 'gosser', # Not used with sqlite3. + 'HOST': '', # Set to empty string for localhost. Not used with sqlite3. + 'PORT': '', # Set to empty string for default. Not used with sqlite3. + } +} SURVEX_DATA = 'c:\\Expo\\loser\\' CAVERN = 'cavern'