108536490: add the proxy_fix
@@ -27,3 +27,5 @@ deploy:
|
|||||||
app: notifications-admin
|
app: notifications-admin
|
||||||
on:
|
on:
|
||||||
repo: alphagov/notifications-admin
|
repo: alphagov/notifications-admin
|
||||||
|
run:
|
||||||
|
- python app.py db upgrade
|
||||||
|
|||||||
@@ -10,8 +10,10 @@ from webassets.filter import get_filter
|
|||||||
from werkzeug.exceptions import abort
|
from werkzeug.exceptions import abort
|
||||||
|
|
||||||
from app.its_dangerous_session import ItsdangerousSessionInterface
|
from app.its_dangerous_session import ItsdangerousSessionInterface
|
||||||
|
import app.proxy_fix
|
||||||
from config import configs
|
from config import configs
|
||||||
|
|
||||||
|
|
||||||
db = SQLAlchemy()
|
db = SQLAlchemy()
|
||||||
login_manager = LoginManager()
|
login_manager = LoginManager()
|
||||||
csrf = CsrfProtect()
|
csrf = CsrfProtect()
|
||||||
@@ -32,7 +34,10 @@ def create_app(config_name):
|
|||||||
from app.main import main as main_blueprint
|
from app.main import main as main_blueprint
|
||||||
application.register_blueprint(main_blueprint)
|
application.register_blueprint(main_blueprint)
|
||||||
|
|
||||||
|
proxy_fix.init_app(application)
|
||||||
|
|
||||||
application.session_interface = ItsdangerousSessionInterface()
|
application.session_interface = ItsdangerousSessionInterface()
|
||||||
|
|
||||||
return application
|
return application
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
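Review bot: `proxy_fix.init_app(application)` depends on the bare name `proxy_fix` being a global of this module, but the line added to the imports is `import app.proxy_fix`, which binds `app`, not `proxy_fix`. It appears to work only because importing a submodule also sets `proxy_fix` as an attribute on the `app` package object, and this file is that package's `__init__`, so the attribute lands in the same namespace — a coupling that breaks the moment the call moves to any other module. `from app import proxy_fix` states the dependency directly and matches the neighbouring `from app.its_dangerous_session import ...` line. `create_app` begins outside the hunk.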
@@ -13,14 +13,14 @@ class ItsdangerousSession(CallbackDict, SessionMixin):
|
|||||||
|
|
||||||
|
|
||||||
class ItsdangerousSessionInterface(SessionInterface):
|
class ItsdangerousSessionInterface(SessionInterface):
|
||||||
salt = 'cookie-session'
|
|
||||||
session_class = ItsdangerousSession
|
session_class = ItsdangerousSession
|
||||||
|
|
||||||
def get_serializer(self, app):
|
def get_serializer(self, app):
|
||||||
|
salt = app.config.get('DANGEROUS_SALT')
|
||||||
if not app.secret_key:
|
if not app.secret_key:
|
||||||
return None
|
return None
|
||||||
return URLSafeTimedSerializer(app.secret_key,
|
return URLSafeTimedSerializer(app.secret_key,
|
||||||
salt=self.salt)
|
salt=salt)
|
||||||
|
|
||||||
def open_session(self, app, request):
|
def open_session(self, app, request):
|
||||||
s = self.get_serializer(app)
|
s = self.get_serializer(app)
|
||||||
|
|||||||
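Review bot: `salt = app.config.get('DANGEROUS_SALT')` turns a missing config key into `salt=None`, and as far as I can tell the itsdangerous serializer then falls back to its own built-in default salt rather than rejecting the value, so a deployment that forgets the key still signs session cookies — just not with the salt the operator believes is in use. Since the salt is now a required setting, `salt = app.config['DANGEROUS_SALT']` fails on the first request and makes the misconfiguration visible instead of silent. The hunk cuts into `open_session`, which continues outside it.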
@@ -1,8 +1,13 @@
|
|||||||
from app import db
|
from app import db, login_manager
|
||||||
from app.models import User
|
from app.models import User
|
||||||
from app.main.encryption import encrypt
|
from app.main.encryption import encrypt
|
||||||
|
|
||||||
|
|
||||||
|
@login_manager.user_loader
|
||||||
|
def load_user(user_id):
|
||||||
|
return get_user_by_id(user_id)
|
||||||
|
|
||||||
|
|
||||||
def insert_user(user):
|
def insert_user(user):
|
||||||
user.password = encrypt(user.password)
|
user.password = encrypt(user.password)
|
||||||
db.session.add(user)
|
db.session.add(user)
|
||||||
|
|||||||
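Review bot: the new `load_user` returns whatever `get_user_by_id(user_id)` gives back with no check on the account's state, whereas the `User.load_user` it replaces (removed from models.py in this same commit) only returned the user when `user.is_active()` held. `is_active` is a constant `True` today so nothing changes in practice, but this loader is the one place every authenticated request passes through and the model also carries `is_locked()`, so it is worth deciding here whether a locked account should keep an existing session, e.g. `user = get_user_by_id(user_id)` followed by `return user if user is not None and not user.is_locked() else None`. `get_user_by_id` is defined elsewhere in this file, so its behaviour for an unknown id (return `None` or raise) decides what Flask-Login sees; a one-line docstring stating that `load_user` must return `None` for unknown ids would pin that contract.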
@@ -3,7 +3,6 @@ from datetime import datetime
|
|||||||
from flask import render_template, redirect, jsonify
|
from flask import render_template, redirect, jsonify
|
||||||
from flask_login import login_user
|
from flask_login import login_user
|
||||||
|
|
||||||
from app import login_manager
|
|
||||||
from app.main import main
|
from app.main import main
|
||||||
from app.main.forms import LoginForm
|
from app.main.forms import LoginForm
|
||||||
from app.main.dao import users_dao
|
from app.main.dao import users_dao
|
||||||
@@ -11,11 +10,6 @@ from app.models import User
|
|||||||
from app.main.encryption import encrypt
|
from app.main.encryption import encrypt
|
||||||
|
|
||||||
|
|
||||||
@login_manager.user_loader
|
|
||||||
def load_user(user_id):
|
|
||||||
return users_dao.get_user_by_id(user_id)
|
|
||||||
|
|
||||||
|
|
||||||
@main.route("/sign-in", methods=(['GET']))
|
@main.route("/sign-in", methods=(['GET']))
|
||||||
def render_sign_in():
|
def render_sign_in():
|
||||||
return render_template('signin.html', form=LoginForm())
|
return render_template('signin.html', form=LoginForm())
|
||||||
@@ -27,13 +21,13 @@ def process_sign_in():
|
|||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
user = users_dao.get_user_by_email(form.email_address.data)
|
user = users_dao.get_user_by_email(form.email_address.data)
|
||||||
if user is None:
|
if user is None:
|
||||||
return jsonify(authorization=False), 404
|
return jsonify(authorization=False), 401
|
||||||
if user.password == encrypt(form.password.data):
|
if user.password == encrypt(form.password.data):
|
||||||
login_user(user)
|
login_user(user)
|
||||||
else:
|
else:
|
||||||
return jsonify(authorization=False), 404
|
return jsonify(authorization=False), 401
|
||||||
else:
|
else:
|
||||||
return jsonify(form.errors), 404
|
return jsonify(form.errors), 400
|
||||||
return redirect('/two-factor')
|
return redirect('/two-factor')
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
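Review bot: with the status change both failure branches of `process_sign_in` now return the identical `jsonify(authorization=False), 401`, which is the right shape — the response no longer tells an unknown address apart from a wrong password. The `if user is None` branch still returns before `encrypt(form.password.data)` runs, though, so the two paths do different amounts of work; if that matters for this service, perform the comparison against a fixed dummy value on the miss path as well so both branches cost the same. Separately, `401` is defined for challenge-based authentication and normally carries a `WWW-Authenticate` header; for a form login a `403` may be what API clients expect — a judgement call rather than a defect. `process_sign_in` begins outside the hunk.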
@@ -49,23 +49,17 @@ class User(db.Model):
|
|||||||
def is_active(self):
|
def is_active(self):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def is_locked(self):
|
|
||||||
if self.failed_login_count <= current_app.config['MAX_FAILED_LOGIN_COUNT']:
|
|
||||||
return False
|
|
||||||
else:
|
|
||||||
return True
|
|
||||||
|
|
||||||
def is_anonymous(self):
|
def is_anonymous(self):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def get_id(self):
|
def get_id(self):
|
||||||
return self.id
|
return self.id
|
||||||
|
|
||||||
@staticmethod
|
def is_locked(self):
|
||||||
def load_user(user_id):
|
if self.failed_login_count <= current_app.config['MAX_FAILED_LOGIN_COUNT']:
|
||||||
user = User.query.filter_by(id=user_id).first()
|
return False
|
||||||
if user.is_active():
|
else:
|
||||||
return user
|
return True
|
||||||
|
|
||||||
|
|
||||||
def filter_null_value_fields(obj):
|
def filter_null_value_fields(obj):
|
||||||
|
|||||||
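Review bot: the relocated `is_locked` keeps a four-line `if/else` that returns literal booleans; `return self.failed_login_count > current_app.config['MAX_FAILED_LOGIN_COUNT']` says the same thing in one line and makes the boundary explicit: a count equal to the maximum is not locked, so the setting is the number of failures tolerated rather than the count at which the lock engages. Whichever reading is intended, a one-line docstring on `is_locked` stating it would save the next reader from guessing, and `MAX_FAILED_LOGIN_COUNT` is not among the settings added in the config.py hunk, so its definition should be confirmed. The static `load_user`, which gated the returned user on `is_active()`, is removed here and its replacement in users_dao.py does not carry that check over. The `User` class begins outside the hunk.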
17
app/proxy_fix.py
Normal file
17
app/proxy_fix.py
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
from werkzeug.contrib.fixers import ProxyFix
|
||||||
|
|
||||||
|
|
||||||
|
class CustomProxyFix(object):
|
||||||
|
def __init__(self, app, forwarded_proto):
|
||||||
|
self.app = ProxyFix(app)
|
||||||
|
self.forwarded_proto = forwarded_proto
|
||||||
|
|
||||||
|
def __call__(self, environ, start_response):
|
||||||
|
environ.update({
|
||||||
|
"HTTP_X_FORWARDED_PROTO": self.forwarded_proto
|
||||||
|
})
|
||||||
|
return self.app(environ, start_response)
|
||||||
|
|
||||||
|
|
||||||
|
def init_app(app):
|
||||||
|
app.wsgi_app = CustomProxyFix(app.wsgi_app, app.config.get('HTTP_PROTOCOL', 'http'))
|
||||||
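Review bot: `init_app` installs the wrapper on every app, including the development and test configurations, and `werkzeug.contrib.fixers.ProxyFix` rewrites `REMOTE_ADDR` and the host from whatever `X-Forwarded-*` headers arrive. That is correct behind the platform router, but when the app is reached directly — the case `HTTP_PROTOCOL = 'http'` describes — those headers come straight from the client, so anything that logs or rate-limits by `request.remote_addr` or trusts `request.host` sees client-chosen values. Consider gating the wrap on configuration (for example only when the configured protocol is `https`, or an explicit `BEHIND_PROXY`-style flag — constructed name), and give `CustomProxyFix` a docstring saying that it overwrites `HTTP_X_FORWARDED_PROTO` with the configured scheme before delegating to `ProxyFix`, since replacing a forwarded header is unusual enough to need the reason written down. Minor style: `environ["HTTP_X_FORWARDED_PROTO"] = self.forwarded_proto` is clearer than `environ.update({...})` for a single key.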
@@ -13,6 +13,8 @@ class Config(object):
|
|||||||
|
|
||||||
WTF_CSRF_ENABLED = True
|
WTF_CSRF_ENABLED = True
|
||||||
SECRET_KEY = 'secret-key'
|
SECRET_KEY = 'secret-key'
|
||||||
|
HTTP_PROTOCOL = 'http'
|
||||||
|
DANGEROUS_SALT = 'itsdangeroussalt'
|
||||||
|
|
||||||
|
|
||||||
class Development(Config):
|
class Development(Config):
|
||||||
@@ -24,6 +26,11 @@ class Test(Config):
|
|||||||
SQLALCHEMY_DATABASE_URI = 'postgresql://localhost/test_notifications_admin'
|
SQLALCHEMY_DATABASE_URI = 'postgresql://localhost/test_notifications_admin'
|
||||||
WTF_CSRF_ENABLED = False
|
WTF_CSRF_ENABLED = False
|
||||||
|
|
||||||
|
|
||||||
|
class Live(Config):
|
||||||
|
DEBUG = False
|
||||||
|
HTTP_PROTOCOL = 'https'
|
||||||
|
|
||||||
configs = {
|
configs = {
|
||||||
'development': Development,
|
'development': Development,
|
||||||
'test': Test
|
'test': Test
|
||||||
|
|||||||
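Review bot: the new `Live` class inherits `SECRET_KEY = 'secret-key'` and the new `DANGEROUS_SALT = 'itsdangeroussalt'` from `Config` without overriding them, so a live deployment that does not replace those values somewhere else signs its session cookies with secrets that are checked into the repository. `Live` should at least take both from the environment and ideally not inherit a working default at all, so that a missing secret fails at start-up rather than running on the committed value. Also, as far as this hunk shows, `configs` still maps only `'development'` and `'test'`, so `create_app('live')` would not find the new class unless it is registered elsewhere.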
@@ -3,7 +3,7 @@ Flask-Script==2.0.5
|
|||||||
Flask-Assets==0.11
|
Flask-Assets==0.11
|
||||||
Flask-Migrate==1.3.1
|
Flask-Migrate==1.3.1
|
||||||
Flask-SQLAlchemy==2.0
|
Flask-SQLAlchemy==2.0
|
||||||
psycopg2==2.6.1
|
psycopg2==2.6.2
|
||||||
SQLAlchemy==1.0.5
|
SQLAlchemy==1.0.5
|
||||||
SQLAlchemy-Utils==0.30.5
|
SQLAlchemy-Utils==0.30.5
|
||||||
Flask-WTF==0.11
|
Flask-WTF==0.11
|
||||||
|
|||||||