def user_logged_in_succesfull(app, user): user_agent = request.headers.get('User-Agent') if user_agent.startswith('faraday-client/'): HOME_URL = "https://portal.faradaysec.com/api/v1/license_check" params = { 'version': faraday.__version__, 'key': 'white', 'client': user_agent } try: logger.debug('Send Faraday-Client license_check') res = requests.get(HOME_URL, params=params, timeout=1, verify=True) logger.debug("Faraday-Client license_check response: %s", res.text) except Exception as e: logger.warning("Error sending client license_check [%s]", e) # cleanup old sessions logger.debug("Cleanup sessions") KVSessionExtension(app=app).cleanup_sessions(app) user_ip = request.headers.get('X-Forwarded-For', request.remote_addr) user_login_at = datetime.datetime.utcnow() audit_logger.info( f"User [{user.username}] logged in from IP [{user_ip}] at [{user_login_at}]" ) logger.info( f"User [{user.username}] logged in from IP [{user_ip}] at [{user_login_at}]" )
def create_app(config_name): """ the following method implement the application factory design pattern ! it's responsible for creating all the app with 2 configurations mode test ,develpement """ if config_name == "test": app = Flask(__name__) app.config.from_object(app_config[config_name]) else: #for template folder when runned as a package if getattr(sys, 'frozen', False): template_folder = os.path.join(sys._MEIPASS, 'templates') static_folder = os.path.join(sys._MEIPASS, 'static') app = Flask(__name__, template_folder=template_folder, static_folder=static_folder) else: app = Flask(__name__) app.config.from_object(app_config['development']) app.register_blueprint(home) """ will use a kv sesssion to store session data in client side """ store = FilesystemStore(SESSION_FOLDER) KVSessionExtension(store, app) return app
def expire_session(app, user): logger.debug("Cleanup sessions") session.destroy() KVSessionExtension(app=app).cleanup_sessions(app) user_ip = request.headers.get('X-Forwarded-For', request.remote_addr) user_logout_at = datetime.datetime.now() audit_logger.info(f"User [{user.username}] logged out from IP [{user_ip}] at [{user_logout_at}]")
def __init__(self, app=None): """Extension initialization.""" if app: self.init_app(app) store = RedisStore( redis.StrictRedis(host=app.config.get( 'ACCESS_SESSION_REDIS_HOST', 'localhost'))) KVSessionExtension(store, app)
def create_app(config_name): application = Flask(__name__, static_folder='static/', static_url_path=configs[config_name].ASSET_PATH) init_app(application, configs[config_name], bootstrap=bootstrap, data_api_client=data_api_client, login_manager=login_manager) if application.config['REDIS_SESSIONS']: vcap_services = parse_vcap_services() redis_opts = { 'ssl': application.config['REDIS_SSL'], 'ssl_ca_certs': application.config['REDIS_SSL_CA_CERTS'], 'ssl_cert_reqs': application.config['REDIS_SSL_HOST_REQ'] } if vcap_services and 'redis' in vcap_services: redis_opts['host'] = vcap_services['redis'][0]['credentials'][ 'hostname'] redis_opts['port'] = vcap_services['redis'][0]['credentials'][ 'port'] redis_opts['password'] = vcap_services['redis'][0]['credentials'][ 'password'] else: redis_opts['host'] = application.config['REDIS_SERVER_HOST'] redis_opts['port'] = application.config['REDIS_SERVER_PORT'] redis_opts['password'] = application.config[ 'REDIS_SERVER_PASSWORD'] session_store = RedisStore(redis.StrictRedis(**redis_opts)) KVSessionExtension(session_store, application) application.permanent_session_lifetime = timedelta(hours=12) from .main import main as main_blueprint from .status import status as status_blueprint url_prefix = application.config['URL_PREFIX'] application.register_blueprint(status_blueprint, url_prefix=url_prefix) application.register_blueprint(main_blueprint, url_prefix=url_prefix) login_manager.login_view = 'main.render_login' main_blueprint.config = application.config.copy() init_frontend_app(application, data_api_client, login_manager) application.add_template_filter(parse_document_upload_time) @application.context_processor def extra_template_variables(): return { 'generic_contact_email': application.config['GENERIC_CONTACT_EMAIL'], } return application
def create_app(config_name): # App Factory app = Flask(__name__) app.config.from_object(config[config_name]) if os.environ.get("DATABASE_URL") is None: app.config["SQLALCHEMY_DATABASE_URI"] = app.config.get( "SQLALCHEMY_DATABASE_URI") else: app.config["SQLALCHEMY_DATABASE_URI"] = os.environ.get("DATABASE_URL") config[config_name].init_app(app) bootstrap.init_app(app) mail.init_app(app) moment.init_app(app) migrate.init_app(app, db) db.init_app(app) with app.app_context(): # load_db(db) store = SQLAlchemyStore(db.engine, db.metadata, "sessions") kvsession = KVSessionExtension(store, app) logfile_name = "Timeclock" + time.strftime("%Y%m%d-%H%M%S") + ".log" handler = RotatingFileHandler(logfile_name, maxBytes=10000, backupCount=1) handler.setFormatter( Formatter("%(asctime)s %(levelname)s: %(message)s " "[in %(pathname)s:%(lineno)d]")) handler.setLevel(logging.INFO) app.logger.addHandler(handler) login_manager.init_app(app) from .main import main as main_blueprint app.register_blueprint(main_blueprint) from .auth import auth as auth_blueprint app.register_blueprint(auth_blueprint, url_prefix="/auth") from .health_screen import health_screen_bp as health_screen_blueprint app.register_blueprint(health_screen_blueprint, url_prefix="/healthscreen") app.permanent_session_lifetime = timedelta(minutes=15) @app.before_request def func(): session.modified = True return app
def user_logged_in_succesfull(app, user): user_agent = request.headers.get('User-Agent') if user_agent.startswith('faraday-client/'): HOME_URL = "https://portal.faradaysec.com/api/v1/license_check" params = {'version': faraday.__version__, 'key': 'white', 'client': user_agent} try: logger.debug('Send Faraday-Client license_check') res = requests.get(HOME_URL, params=params, timeout=1, verify=True) logger.debug("Faraday-Client license_check response: %s", res.text) except Exception as e: logger.warning("Error sending client license_check [%s]", e) # cleanup old sessions logger.debug("Cleanup sessions") KVSessionExtension(app=app).cleanup_sessions(app)
def register_extensions(app): """Register Flask extensions.""" bcrypt.init_app(app) cache.init_app(app) db.init_app(app) csrf_protect.init_app(app) login_manager.init_app(app) debug_toolbar.init_app(app) mail.init_app(app) migrate.init_app(app, db) webpack.init_app(app) KVSessionExtension(store, app) ws.init_app(app) return None
def test_delayed_construction(vapp, store): ext = KVSessionExtension() with pytest.raises(ValueError): ext.init_app(vapp) ext.init_app(vapp, store) assert vapp.kvsession_store is store
def create_app(config_name): app = Flask(__name__) app.config.from_object(config[config_name]) config[config_name].init_app(app) bootstrap.init_app(app) db.init_app(app) login_manager.init_app(app) KVSessionExtension(st, app) from .main import main as main_blueprint app.register_blueprint(main_blueprint) return app
def app_with_session_interface_factory(store): app = Flask(__name__) app.config[ "SESSION_INTERFACE_FACTORY"] = CustomSessionInterfaceWithPermanentAnonymousSession app.config["TESTING"] = True app.config["SECRET_KEY"] = "devkey" app.kvsession = KVSessionExtension(store, app) @app.route("/store-in-session/<key>/<value>/") def store(key, value): session[key] = value return "stored %r at %r" % (value, key) yield app
def init_config(self, app): """Initialize configuration. :param app: The Flask application. """ try: pkg_resources.get_distribution('celery') app.config.setdefault("ACCOUNTS_USE_CELERY", not (app.debug or app.testing)) except pkg_resources.DistributionNotFound: # pragma: no cover app.config.setdefault("ACCOUNTS_USE_CELERY", False) # Register Invenio legacy password hashing register_crypt_handler(InvenioAesEncryptedEmail) # Change Flask defaults app.config.setdefault('SESSION_COOKIE_SECURE', not app.debug) # Change Flask-Security defaults app.config.setdefault('SECURITY_PASSWORD_SALT', app.config['SECRET_KEY']) # Set JWT secret key app.config.setdefault( 'ACCOUNTS_JWT_SECRET_KEY', app.config.get('ACCOUNTS_JWT_SECRET_KEY', app.config.get('SECRET_KEY'))) config_apps = ['ACCOUNTS', 'SECURITY_'] for k in dir(config): if any([k.startswith(prefix) for prefix in config_apps]): app.config.setdefault(k, getattr(config, k)) # Set Session KV store if app.config.get('ACCOUNTS_SESSION_REDIS_URL'): import redis from simplekv.memory.redisstore import RedisStore session_kvstore = RedisStore( redis.StrictRedis.from_url( app.config['ACCOUNTS_SESSION_REDIS_URL'])) else: from simplekv.memory import DictStore session_kvstore = DictStore() self.kvsession_extension = KVSessionExtension(session_kvstore, app)
def register_extensions(app): bcrypt.init_app(app) db.init_app(app) csrf_protect.init_app(app) login.init_app(app) migrate.init_app(app, db) KVSessionExtension(store, app) babel = Babel(app) mail.init_app(app) @babel.localeselector def get_locale(): # return 'ja' return request.accept_languages \ .best_match(current_app.config['LANGUAGES']) return None
def create_app_from_config(config): """ Create a new application based on the given configuration """ app = flask.Flask(__name__) app.cli.add_command(manage.mailu) # Bootstrap is used for basic JS and CSS loading # TODO: remove this and use statically generated assets instead app.bootstrap = flask_bootstrap.Bootstrap(app) # Initialize application extensions config.init_app(app) models.db.init_app(app) KVSessionExtension( RedisStore(redis.StrictRedis().from_url('redis://{0}/3'.format( config['REDIS_ADDRESS']))), app).cleanup_sessions(app) utils.limiter.init_app(app) utils.babel.init_app(app) utils.login.init_app(app) utils.login.user_loader(models.User.get) utils.proxy.init_app(app) utils.migrate.init_app(app, models.db) # Initialize debugging tools if app.config.get("DEBUG"): debug.toolbar.init_app(app) # TODO: add a specific configuration variable for profiling # debug.profiler.init_app(app) # Inject the default variables in the Jinja parser # TODO: move this to blueprints when needed @app.context_processor def inject_defaults(): signup_domains = models.Domain.query.filter_by( signup_enabled=True).all() return dict(signup_domains=signup_domains, config=app.config) # Import views from mailu import ui, internal app.register_blueprint(ui.ui, url_prefix='/ui') app.register_blueprint(internal.internal, url_prefix='/internal') return app
def init_flask_sessions(context): """ Enable third-party server-side session storage """ redis_config = context.settings.get("sessions", dict()).get("redis", dict()) # if redis_config: session_store = RedisStore( StrictRedis( host=redis_config.get("host", "localhost"), password=redis_config.get("password", None), ) ) session_prefix = context.settings.get("sessions", dict()).get("prefix", None) if session_prefix: session_store = PrefixDecorator(session_prefix, session_store) log.info("Using redis for session storage") else: session_store = DictStore() log.info("Using memory for session storage") # KVSessionExtension(session_store, context.app)
def issue27app(request): app = Flask(__name__) app.secret_key = 'foo' # toggle for default session if request.param is True: KVSessionExtension(RedisStore(redis.StrictRedis()), app) @app.route('/') def index(): if 'x' not in session: session['x'] = 0 return str(session['x']) @app.route('/test') def test(): session['x'] = session.get('x', 0) + 1 return str(session['x']) return app
def issue27app(request): app = Flask(__name__) app.secret_key = "foo" # toggle for default session if request.param is True: KVSessionExtension(RedisStore(redis.StrictRedis()), app) @app.route("/") def index(): if "x" not in session: session["x"] = 0 return str(session["x"]) @app.route("/test") def test(): session["x"] = session.get("x", 0) + 1 return str(session["x"]) return app
def init_app(self, app, use_celery=True, sessionstore=None): """Flask application initialization. :param sessionstore: store for sessions. Passed to ``flask-kvsession``. Defaults to redis. """ self.init_config(app) # Create user datastore self.datastore = SQLAlchemyUserDatastore(db, User, Role) # Create sessionstore if sessionstore is None: import redis from simplekv.memory.redisstore import RedisStore sessionstore = RedisStore( redis.StrictRedis.from_url( app.config['ACCOUNTS_SESSION_REDIS_URL'])) self.sessionstore = sessionstore user_logged_in.connect(login_listener, app) # Initialize extension. state = self.security.init_app(app, datastore=self.datastore) self.kvsession_extension = KVSessionExtension(self.sessionstore, app) if app.config['ACCOUNTS_USE_CELERY']: from invenio_accounts.tasks import send_security_email @state.send_mail_task def delay_security_email(msg): send_security_email.delay(msg.__dict__) # Register CLI app.cli.add_command(roles_cli, 'roles') app.cli.add_command(users_cli, 'users') app.extensions['invenio-accounts'] = self
def setup_app(app): """Do general app setup so we can run from gunicorn or command line""" global HOST, PORT setup_db() app.config['SESSION_TYPE'] = 'redis' app.config['SECRET_KEY'] = '12345abcde' app.config['REDIS_URL'] = get_redis_url() # a DictStore will store everything in memory STORE = DictStore() # this will replace the app's session handling KVSessionExtension(STORE, APP) PORT = int(os.environ.get('PORT', 5000)) HOST = os.environ.get('HOST', 'localhost') LOGGER.info("Starting application on PORT=%d", PORT) # Bind to PORT if defined, otherwise default to 5000. app.debug = False #APP.testing = True app.secret_key = '12345abcde' RQDashboard(app)
def expire_session(app, user): logger.debug("Cleanup sessions") session.destroy() KVSessionExtension(app=app).cleanup_sessions(app)
def create_app(db_connection_string=None, testing=None): app = Flask(__name__) try: secret_key = faraday.server.config.faraday_server.secret_key except Exception: # Now when the config file does not exist it doesn't enter in this # condition, but it could happen in the future. TODO check save_new_secret_key(app) else: if secret_key is None: # This is what happens now when the config file doesn't exist. # TODO check save_new_secret_key(app) else: app.config['SECRET_KEY'] = secret_key if faraday.server.config.faraday_server.agent_token is None: save_new_agent_creation_token() login_failed_message = ("Invalid username or password", 'error') app.config.update({ 'SECURITY_PASSWORD_SINGLE_HASH': True, 'WTF_CSRF_ENABLED': False, 'SECURITY_USER_IDENTITY_ATTRIBUTES': ['username'], 'SECURITY_POST_LOGIN_VIEW': '/_api/session', 'SECURITY_POST_LOGOUT_VIEW': '/_api/login', 'SECURITY_POST_CHANGE_VIEW': '/_api/change', 'SECURITY_CHANGEABLE': True, 'SECURITY_SEND_PASSWORD_CHANGE_EMAIL': False, 'SECURITY_MSG_USER_DOES_NOT_EXIST': login_failed_message, 'SECURITY_TOKEN_AUTHENTICATION_HEADER': 'Authorization', # The line bellow should not be necessary because of the # CustomLoginForm, but i'll include it anyway. 'SECURITY_MSG_INVALID_PASSWORD': login_failed_message, 'SESSION_TYPE': 'filesystem', 'SESSION_FILE_DIR': faraday.server.config.FARADAY_SERVER_SESSIONS_DIR, 'SQLALCHEMY_TRACK_MODIFICATIONS': False, 'SQLALCHEMY_RECORD_QUERIES': True, # app.config['SQLALCHEMY_ECHO'] = True 'SECURITY_PASSWORD_SCHEMES': [ 'bcrypt', # This should be the default value # 'des_crypt', 'pbkdf2_sha1', # Used by CouchDB passwords # 'pbkdf2_sha256', # 'pbkdf2_sha512', # 'sha256_crypt', # 'sha512_crypt', 'plaintext', # TODO: remove it ], 'PERMANENT_SESSION_LIFETIME': datetime.timedelta(hours=12), 'SESSION_COOKIE_NAME': 'faraday_session_2', 'SESSION_COOKIE_SAMESITE': 'Lax', }) store = FilesystemStore(app.config['SESSION_FILE_DIR']) prefixed_store = PrefixDecorator('sessions_', store) KVSessionExtension(prefixed_store, app) user_logged_out.connect(expire_session, app) storage_path = faraday.server.config.storage.path if not storage_path: logger.warn('No storage section or path in the .faraday/config/server.ini. Setting the default value to .faraday/storage') storage_path = setup_storage_path() if not DepotManager.get('default'): if testing: DepotManager.configure('default', { 'depot.storage_path': '/tmp' }) else: DepotManager.configure('default', { 'depot.storage_path': storage_path }) check_testing_configuration(testing, app) try: app.config['SQLALCHEMY_DATABASE_URI'] = db_connection_string or faraday.server.config.database.connection_string.strip("'") except AttributeError: logger.info('Missing [database] section on server.ini. Please configure the database before running the server.') except NoOptionError: logger.info('Missing connection_string on [database] section on server.ini. Please configure the database before running the server.') from faraday.server.models import db # pylint:disable=import-outside-toplevel db.init_app(app) #Session(app) # Setup Flask-Security app.user_datastore = SQLAlchemyUserDatastore( db, user_model=User, role_model=None) # We won't use flask security roles feature Security(app, app.user_datastore, login_form=CustomLoginForm) # Make API endpoints require a login user by default. Based on # https://stackoverflow.com/questions/13428708/best-way-to-make-flask-logins-login-required-the-default app.view_functions['security.login'].is_public = True app.view_functions['security.logout'].is_public = True app.debug = faraday.server.config.is_debug_mode() minify_json_output(app) for handler in LOGGING_HANDLERS: app.logger.addHandler(handler) register_blueprints(app) register_handlers(app) app.view_functions['agent_api.AgentCreationView:post'].is_public = True return app
def init_app(self, app, sessionstore=None, register_blueprint=True): """Flask application initialization. The following actions are executed: #. Initialize the configuration. #. Monkey-patch Flask-Security. #. Create the user datastore. #. Create the sessionstore. #. Initialize the extension, the forms to register users and confirms their emails, the CLI and, if ``ACCOUNTS_USE_CELERY`` is ``True``, register a celery task to send emails. #. Override Flask-Security's default login view function. #. Warn if inconsistent configuration is detected :param app: The Flask application. :param sessionstore: store for sessions. Passed to ``flask-kvsession``. If ``None`` then Redis is configured. (Default: ``None``) :param register_blueprint: If ``True``, the application registers the blueprints. (Default: ``True``) """ self.init_config(app) # Monkey-patch Flask-Security InvenioAccounts.monkey_patch_flask_security() # Create user datastore if not self.datastore: self.datastore = SessionAwareSQLAlchemyUserDatastore( db, User, Role) if app.config["ACCOUNTS_SESSION_ACTIVITY_ENABLED"]: self._enable_session_activity(app=app) # Initialize extension. _register_blueprint = app.config.get("ACCOUNTS_REGISTER_BLUEPRINT") if _register_blueprint is not None: register_blueprint = _register_blueprint state = self.security.init_app(app, datastore=self.datastore, register_blueprint=register_blueprint) # Override Flask-Security's default login view function new_login_view = obj_or_import_string( app.config.get("ACCOUNTS_LOGIN_VIEW_FUNCTION")) if new_login_view is not None: app.view_functions["security.login"] = new_login_view self.register_anonymous_identity_loader(state) app.extensions["security"].register_form = register_form_factory( app.extensions["security"].register_form, app) app.extensions[ "security"].confirm_register_form = confirm_register_form_factory( app.extensions["security"].confirm_register_form, app) app.extensions["security"].login_form = login_form_factory( app.extensions["security"].login_form, app) if app.config["ACCOUNTS_USE_CELERY"]: from invenio_accounts.tasks import send_security_email @state.send_mail_task def delay_security_email(msg): send_security_email.delay(msg.__dict__) # Register context processor if app.config["ACCOUNTS_JWT_DOM_TOKEN"]: from invenio_accounts.context_processors.jwt import jwt_proccessor app.context_processor(jwt_proccessor) # Register signal receiver if app.config.get("ACCOUNTS_USERINFO_HEADERS"): request_finished.connect(set_session_info, app) # Set Session KV store session_kvstore_factory = obj_or_import_string( app.config["ACCOUNTS_SESSION_STORE_FACTORY"]) session_kvstore = session_kvstore_factory(app) self.kvsession_extension = KVSessionExtension(session_kvstore, app) self.check_configuration_consistency(app) app.extensions["invenio-accounts"] = self
def create_app(db_connection_string=None, testing=None): class CustomFlask(Flask): SKIP_RULES = [ # These endpoints will be removed for v3 '/v3/ws/<workspace_name>/hosts/bulk_delete/', '/v3/ws/<workspace_name>/vulns/bulk_delete/', '/v3/ws/<workspace_id>/change_readonly/', '/v3/ws/<workspace_id>/deactivate/', '/v3/ws/<workspace_id>/activate/', ] def add_url_rule(self, rule, endpoint=None, view_func=None, **options): # Flask registers views when an application starts # do not add view from SKIP_VIEWS for rule_ in CustomFlask.SKIP_RULES: if rule_ == rule: return return super().add_url_rule(rule, endpoint, view_func, **options) app = CustomFlask(__name__, static_folder=None) try: secret_key = faraday.server.config.faraday_server.secret_key except Exception: # Now when the config file does not exist it doesn't enter in this # condition, but it could happen in the future. TODO check save_new_secret_key(app) else: if secret_key is None: # This is what happens now when the config file doesn't exist. # TODO check save_new_secret_key(app) else: app.config['SECRET_KEY'] = secret_key if faraday.server.config.faraday_server.agent_registration_secret is None: save_new_agent_creation_token_secret() login_failed_message = ("Invalid username or password", 'error') app.config.update({ 'SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN': True, 'SECURITY_PASSWORD_SINGLE_HASH': True, 'WTF_CSRF_ENABLED': False, 'SECURITY_USER_IDENTITY_ATTRIBUTES': [{ 'username': { 'mapper': uia_username_mapper } }], 'SECURITY_POST_LOGIN_VIEW': '/_api/session', 'SECURITY_POST_CHANGE_VIEW': '/_api/change', 'SECURITY_RESET_PASSWORD_TEMPLATE': '/security/reset.html', 'SECURITY_POST_RESET_VIEW': '/', 'SECURITY_SEND_PASSWORD_RESET_EMAIL': True, # For testing porpouse 'SECURITY_EMAIL_SENDER': "*****@*****.**", 'SECURITY_CHANGEABLE': True, 'SECURITY_SEND_PASSWORD_CHANGE_EMAIL': False, 'SECURITY_MSG_USER_DOES_NOT_EXIST': login_failed_message, 'SECURITY_TOKEN_AUTHENTICATION_HEADER': 'Authorization', # The line bellow should not be necessary because of the # CustomLoginForm, but i'll include it anyway. 'SECURITY_MSG_INVALID_PASSWORD': login_failed_message, 'SESSION_TYPE': 'filesystem', 'SESSION_FILE_DIR': faraday.server.config.FARADAY_SERVER_SESSIONS_DIR, 'SQLALCHEMY_TRACK_MODIFICATIONS': False, 'SQLALCHEMY_RECORD_QUERIES': True, # app.config['SQLALCHEMY_ECHO'] = True 'SECURITY_PASSWORD_SCHEMES': [ 'bcrypt', # This should be the default value # 'des_crypt', # 'pbkdf2_sha256', # 'pbkdf2_sha512', # 'sha256_crypt', # 'sha512_crypt', ], 'PERMANENT_SESSION_LIFETIME': datetime.timedelta(hours=int( faraday.server.config.faraday_server.session_timeout or 12)), 'SESSION_COOKIE_NAME': 'faraday_session_2', 'SESSION_COOKIE_SAMESITE': 'Lax', }) store = FilesystemStore(app.config['SESSION_FILE_DIR']) prefixed_store = PrefixDecorator('sessions_', store) KVSessionExtension(prefixed_store, app) user_logged_in.connect(user_logged_in_succesfull, app) user_logged_out.connect(expire_session, app) storage_path = faraday.server.config.storage.path if not storage_path: logger.warn( 'No storage section or path in the .faraday/config/server.ini. Setting the default value to .faraday/storage' ) storage_path = setup_storage_path() if not DepotManager.get('default'): if testing: DepotManager.configure( 'default', { 'depot.storage_path': '/tmp' # nosec }) else: DepotManager.configure('default', {'depot.storage_path': storage_path}) check_testing_configuration(testing, app) try: app.config[ 'SQLALCHEMY_DATABASE_URI'] = db_connection_string or faraday.server.config.database.connection_string.strip( "'") except AttributeError: logger.info( 'Missing [database] section on server.ini. Please configure the database before running the server.' ) except NoOptionError: logger.info( 'Missing connection_string on [database] section on server.ini. Please configure the database before running the server.' ) from faraday.server.models import db # pylint:disable=import-outside-toplevel db.init_app(app) # Session(app) # Setup Flask-Security app.user_datastore = SQLAlchemyUserDatastore( db, user_model=User, role_model=None) # We won't use flask security roles feature from faraday.server.api.modules.agent import agent_creation_api # pylint: disable=import-outside-toplevel app.limiter = Limiter(app, key_func=get_remote_address, default_limits=[]) if not testing: app.limiter.limit(faraday.server.config.limiter_config.login_limit)( agent_creation_api) app.register_blueprint(agent_creation_api) Security(app, app.user_datastore, login_form=CustomLoginForm) # Make API endpoints require a login user by default. Based on # https://stackoverflow.com/questions/13428708/best-way-to-make-flask-logins-login-required-the-default app.view_functions['security.login'].is_public = True app.view_functions['security.logout'].is_public = True app.debug = faraday.server.config.is_debug_mode() minify_json_output(app) for handler in LOGGING_HANDLERS: app.logger.addHandler(handler) app.logger.propagate = False register_blueprints(app) register_handlers(app) app.view_functions[ 'agent_creation_api.AgentCreationView:post'].is_public = True app.view_functions[ 'agent_creation_api.AgentCreationV3View:post'].is_public = True return app
# -*- coding: utf-8 -*- from simplekv.memory import DictStore from flask_kvsession import KVSessionExtension from flask_wtf.csrf import CsrfProtect from flask import abort store = DictStore() kvsession = KVSessionExtension(store) csrf_protect = CsrfProtect() @csrf_protect.error_handler def csrf_error(reason): return abort( 400, { 'code': 400, 'message': 'Request token missing or exprired. Please press F5 to refresh' })
import sys from docassemble.base.config import daconfig from docassemble.webapp.app_object import app from flask_kvsession import KVSessionExtension from simplekv.memory.redisstore import RedisStore import docassemble.base.config docassemble.base.config.load(arguments=sys.argv) import docassemble.base.util import docassemble.webapp.daredis store = RedisStore(docassemble.webapp.daredis.r_store) kv_session = KVSessionExtension(store, app) with app.app_context(): kv_session.cleanup_sessions()
def test_delayed_construction_with_default(vapp, store): ext = KVSessionExtension(store) ext.init_app(vapp) assert vapp.kvsession_store == store
@json.error_handler def error_handler(e): return json_response(status_=401, description='An error occured') #------------------------------------ # More Complex Intialization of Extensions #------------------------------------ engine = create_engine(VWM.config['SQLALCHEMY_DATABASE_URI']) metadata = MetaData(bind=engine) session_store = SQLAlchemyStore(engine, metadata, 'kvsession_table') metadata.create_all() kvsession_extension = KVSessionExtension(session_store, VWM) #---------------------------------------------------------------------------------- # end initialize all required values #---------------------------------------------------------------------------------- #------------------------------------------------------ #||||||||||||||||||||||||||||||||||||||||||||||||||||| #routing blueprints starts now VWM.register_blueprint(api_v1, url_prefix='/paywallet/v1') #end of blueprint route #|||||||||||||||||||||||||||||||||||||||||||||||||||||||| #---------------------------------------------------------- # @VWM.route("/start/<string:VWM>/<string:Key>")
load_dotenv() # get environment variables configure_logging() # configure loggers before starting app app = Flask(__name__) app.config.update(**config) # Configure Session using standard web session files, # more store types available in simplekv package # Hash Decorator provides session id session_store = HashDecorator( WebFilesystemStore(os.getenv("FLASK_SESSION_FILE_PATH"), os.getenv("FLASK_SESSION_URL_PREFIX"))) KVSessionExtension(session_store, app) # Add CSRFProtect extension to flask app # NOTE: this extends flask_wtf.CSRFProtect class; see class definition for details CSRFProtectionExtension(app) # Create Api blueprint and add resources (routes) api_blueprint = Blueprint('api', __name__) api = ElectroAPI(api_blueprint, catch_all_404s=True) # contains custom error handler api.add_resource(BillResource, "/bills", "/bills/<int:id>", endpoint="bill") api.add_resource(UserResource, "/login", "/logout", endpoint="login") # Register blueprint to app app.register_blueprint(api_blueprint, url_prefix="/api")
from quart_cors import cors from .config import config, load_config logging.basicConfig(level=logging.DEBUG) app = Quart(__name__) for key in config.keys(): app.config[key] = config[key] app = cors(app, allow_headers=['X-Requested-With'], allow_origin=app.config['ALLOW_ORIGIN']) load_config() if "pytest" in sys.modules: from mockredis import mock_strict_redis_client store = RedisStore(mock_strict_redis_client()) else: store = RedisStore(redis.StrictRedis(host=app.config['REDIS_HOST'])) prefixed_store = PrefixDecorator('sessions_', store) KVSessionExtension(prefixed_store, app) from .gateway import proxy from .auth import web from .auth.gitlab_auth import gitlab_login, gitlab_get_tokens, gitlab_logout from .auth.jupyterhub_auth import jupyterhub_login, jupyterhub_get_tokens, jupyterhub_logout
def _app(store): app = Flask(__name__) app.kvsession = KVSessionExtension(store, app) app.config['TESTING'] = True app.config['SECRET_KEY'] = 'devkey' @app.route('/') def index(): return 'nothing to see here, move along' @app.route('/store-in-session/<key>/<value>/') def store(key, value): session[key] = value return 'stored %r at %r' % (value, key) @app.route('/store-datetime/') def store_datetime(): t = datetime(2011, 8, 10, 15, 46, 00) session['datetime_key'] = t return 'ok' @app.route('/delete-from-session/<key>/') def delete(key): del session[key] return 'deleted %r' % key @app.route('/destroy-session/') def destroy(): session.destroy() return 'session destroyed' @app.route('/make-session-permanent/') def make_permanent(): session.permanent = True return 'made session permanent' @app.route('/dump-session/') def dump(): return json.dumps(dict(session)) @app.route('/dump-datetime/') def dump_datetime(): return str(session['datetime_key']) @app.route('/regenerate-session/') def regenerate(): session.regenerate() return 'session regenerated' @app.route('/is-kvsession/') def is_kvsession(): return str(isinstance(session._get_current_object(), KVSession)) @app.route('/is-new-session/') def is_new_session(): return str(session.new) @app.route('/is-modified-session/') def is_modified_session(): return str(session.modified) @app.route('/destroy-immediately/') def destroy_immediately(): # from issue # 1. Set a session. # works implicitly # 2. Update session with keys. session['foo'] = 'bar' # 3. Destroy. session.destroy() # 4. Check if destroy worked. # ???? # 5. PROFIT return 'PROFIT' return app
import os from flask_kvsession import KVSessionExtension from flask_kvsession import SessionID from flask import current_app from simplekv.memory.redisstore import RedisStore from simplekv.db.sql import SQLAlchemyStore from sqlalchemy import create_engine, MetaData from simplekv.decorator import PrefixDecorator if os.environ.get('IS_PROD', None): store = RedisStore( redis.StrictRedis(host=os.environ.get('redis_host', None), port=os.environ.get('redis_port', None), db=os.environ.get('db', None), password=os.environ.get('redis_password'))) prefix_store = PrefixDecorator('session_', store) s = KVSessionExtension(prefix_store, current_app) else: if os.environ.get('IS_PROD'): engine = create_engine(os.environ.get('CLEARDB_DATABASE_URL')) else: from techmarketplace import Configuration engine = create_engine( 'mysql+mysqlconnector://{0}:{1}@localhost/projectdb'.format( Configuration.dbuser, Configuration.dbpw)) metadata = MetaData(bind=engine) store = SQLAlchemyStore(engine, metadata, 'session') # metadata.create_all() prefix_store = PrefixDecorator('session_', store) kvsession_extension = KVSessionExtension(prefix_store, current_app)
from . import default_config from .model import db, CsrfToken # Flask setup app = Flask(__name__) # Load custom configuration app.config.from_object(default_config) app.config.from_pyfile("app.cfg", silent=True) # Database setup db.init_app(app) # Session setup try: os.makedirs(app.config['DEFAULT_SESSION_DIRECTORY']) except FileExistsError: pass # Using signed cookies here on the client side (itsdangerous) session_manager = KVSessionExtension(FilesystemStore(app.config['DEFAULT_SESSION_DIRECTORY']), app) # Create database and make sure to clean up expired sessions with app.app_context(): db.create_all() try: session_manager.cleanup_sessions() except: pass
db = SQLAlchemy(app) SQLAlchemy.health = health from flask_kvsession import KVSessionExtension from simplekv.memory.redisstore import RedisStore redis_url = urlparse.urlparse(app.config.get('REDIS_URL')) redis_server = redis.StrictRedis( host=redis_url.hostname, port=redis_url.port, password=redis_url.password ) store = RedisStore(redis_server) kv_store = KVSessionExtension(store, app) Health(app, checks=[db.health]) # Audit, error handling and after_request headers all handled by lrutils Audit(app) ErrorHandler(app) app.after_request(eh_after_request) if not app.debug: app.logger.addHandler(logging.StreamHandler()) app.logger.setLevel(logging.INFO) if app.config.get('BASIC_AUTH_USERNAME'): app.config['BASIC_AUTH_FORCE'] = True basic_auth = BasicAuth(app)
# database connection app.config['MONGODB_SETTINGS'] = {'DB': config.DB} app.config['SECRET_KEY'] = config.SECRET_KEY app.debug = config.DEBUG # initialize MongoEngine with app db = MongoEngine() db.init_app(app) store = MongoStore( getattr(db.connection, config.DB), config.SESSION_STORE) session = KeyValueStore() # Substitute client-side with server-side sessions kv_session = KVSessionExtension() kv_session.init_app(app, store) # initialize Flask-Login with app login_manager = LoginManager() login_manager.init_app(app) # initialize encryption mechanism bcrypt = Bcrypt() bcrypt.init_app(app) from server.auth.views import mod_auth from server.nest.views import mod_nest from server.public.views import mod_public from server.nest.libs import Plugin