def test_captcha_warning_on_non_server_storage(self):
self.app.config['SESSION_TYPE'] = 'null'
Session(self.app)
with self.assertRaises(RuntimeWarning):
FlaskSessionCaptcha(self.app)
self.app.config['SESSION_TYPE'] = None
Session(self.app)
with self.assertRaises(RuntimeWarning):
FlaskSessionCaptcha(self.app)
def test_mongodb_session(self):
app = flask.Flask(__name__)
app.testing = True
app.config['SESSION_TYPE'] = 'mongodb'
Session(app)
@app.route('/set', methods=['POST'])
def set():
flask.session['value'] = flask.request.form['value']
return 'value set'
@app.route('/get')
def get():
return flask.session['value']
@app.route('/delete', methods=['POST'])
def delete():
del flask.session['value']
return 'value deleted'
c = app.test_client()
self.assertEqual(
c.post('/set', data={
'value': '42'
}).data, b'value set')
self.assertEqual(c.get('/get').data, b'42')
c.post('/delete')
def test_flasksqlalchemy_session_with_signer(self):
app = flask.Flask(__name__)
app.debug = True
app.secret_key = 'test_secret_key'
app.config['SESSION_TYPE'] = 'sqlalchemy'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///'
app.config['SESSION_USE_SIGNER'] = True
session = Session(app)
@app.route('/set', methods=['POST'])
def set():
flask.session['value'] = flask.request.form['value']
return 'value set'
@app.route('/get')
def get():
return flask.session['value']
@app.route('/delete', methods=['POST'])
def delete():
del flask.session['value']
return 'value deleted'
c = app.test_client()
self.assertEqual(
c.post('/set', data={
'value': '42'
}).data, b'value '
b'set')
self.assertEqual(c.get('/get').data, b'42')
c.post('/delete')
def test_filesystem_session(self):
app = flask.Flask(__name__)
app.config['SESSION_TYPE'] = 'filesystem'
app.config['SESSION_FILE_DIR'] = tempfile.gettempdir()
Session(app)
@app.route('/set', methods=['POST'])
def set():
flask.session['value'] = flask.request.form['value']
return 'value set'
@app.route('/get')
def get():
return flask.session['value']
@app.route('/delete', methods=['POST'])
def delete():
del flask.session['value']
return 'value deleted'
c = app.test_client()
self.assertEqual(
c.post('/set', data={
'value': '42'
}).data, b'value set')
self.assertEqual(c.get('/get').data, b'42')
c.post('/delete')
def test_dynamodb_session(self, session):
app = flask.Flask(__name__)
app.testing = True
app.config['SESSION_TYPE'] = 'dynamodb'
with patch('boto3.Session') as mockSession:
mockSession.return_value = session
Session(app)
@app.route('/set', methods=['POST'])
def set_val():
flask.session['value'] = flask.request.form['value']
return 'value set'
@app.route('/get')
def get():
return flask.session['value']
@app.route('/delete', methods=['POST'])
def delete():
del flask.session['value']
return 'value deleted'
c = app.test_client()
self.assertEqual(c.post('/set', data={'value': '42'}).data, b'value set')
self.assertEqual(c.get('/get').data, b'42')
c.post('/delete')
def test_flasksqlalchemy_session(self):
app = flask.Flask(__name__)
app.debug = True
app.config['SESSION_TYPE'] = 'sqlalchemy'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
session = Session(app)
session.app.session_interface.db.create_all()
@app.route('/set', methods=['POST'])
def set_val():
flask.session['value'] = flask.request.form['value']
return 'value set'
@app.route('/get')
def get():
return flask.session['value']
@app.route('/delete', methods=['POST'])
def delete():
del flask.session['value']
return 'value deleted'
c = app.test_client()
self.assertEqual(c.post('/set', data={'value': '42'}).data, b'value '
b'set')
self.assertEqual(c.get('/get').data, b'42')
c.post('/delete')
def test_flasksqlalchemy_session(self):
app = flask.Flask(__name__)
app.debug = True
app.config['SESSION_TYPE'] = 'sqlalchemy'
app.config['SQLALCHEMY_DATABASE_URI'] = '/tmp/minitwit.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
session = Session(app)
session.app.session_interface.db.create_all()
def setup_sessions(app):
session_type = os.environ.get("SESSION_TYPE", "None")
app.logger.debug("Session Type {}".format(session_type))
if session_type not in VALID_SESSION_TYPE:
message = "Invalid session type {}. Valid Options {}".format(
session_type, VALID_SESSION_TYPE)
app.logger.error(message)
raise (InvalidSessionType(message))
if session_type == "None":
app.session_interface = CustomSessionInterface()
return
from flask_sessionstore import Session
app.config["SESSION_TYPE"] = session_type
app.config["SESSION_KEY_PREFIX"] = os.environ.get("SESSION_KEY_PREFIX",
"SESSION")
app.logger.debug("SESSION_KEY_PREFIX: {}".format(
app.config["SESSION_KEY_PREFIX"]))
if session_type == "filesystem":
app.config["SESSION_FILE_DIR"] = gettempdir()
elif session_type == "redis":
import redis
redis_host = os.environ.get("REDIS_HOST", None)
app.logger.debug("Using Redis Host {} for Sessions".format(redis_host))
app.config["SESSION_REDIS"] = redis.StrictRedis(redis_host)
else:
app.logger.debug("Using DynamoDB Session Table")
app.config["SESSION_DYNAMODB_TABLE"] = os.environ.get(
"SESSION_DYNAMODB_TABLE", "SessionTable")
app.config["SESSION_DYNAMODB_REGION"] = os.environ.get(
"SESSION_DYNAMODB_REGION", "us-east-1")
app.config["SESSION_DYNAMODB_ENDPOINT_URL"] = os.environ.get(
"SESSION_DYNAMODB_ENDPOINT_URL", None)
app.logger.debug("SESSION_DYNAMODB_TABLE: {}".format(
app.config["SESSION_DYNAMODB_TABLE"]))
app.logger.debug("SESSION_DYNAMODB_REGION: {}".format(
app.config["SESSION_DYNAMODB_REGION"]))
app.logger.debug("SESSION_DYNAMODB_ENDPOINT_URL: {}".format(
app.config["SESSION_DYNAMODB_ENDPOINT_URL"]))
# Should Session Cookies Be Insecure?
# This is bad, and should only be used in dev
insecure_cookie = os.environ.get("SESSION_COOKIE_INSECURE", False)
if not insecure_cookie:
app.config["SESSION_COOKIE_SECURE"] = True
else:
app.logger.warning("You Are Using InSecure Session Cookies")
app.config["SESSION_COOKIE_DOMAIN"] = os.environ.get(
"SESSION_COOKIE_DOMAIN", None)
app.logger.debug("Using Security Session Cookie: {}".format(
app.config["SESSION_COOKIE_SECURE"]))
app.logger.debug("Using Session Cookie Domain: {}".format(
app.config["SESSION_COOKIE_DOMAIN"])) # override the fl
app.logger.debug("Using Server Name: {}".format(
app.config["SERVER_NAME"])) # override the fl
Session(app)
def test_captcha_session_file_storage(self):
self.app.config['SESSION_TYPE'] = 'filesystem'
Session(self.app)
captcha = FlaskSessionCaptcha(self.app)
_default_routes(captcha, self.app)
r = self.client.get("/")
r = self.client.post("/", data={"s": "something", "captcha": r.data.decode('utf-8')})
assert r.data == b"ok"
def setUp(self):
self.app = Flask(__name__)
self.app.config['SECRET_KEY'] = 'aba'
self.app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://'
self.app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
self.app.config['SESSION_TYPE'] = 'sqlalchemy'
self.app.config['CAPTCHA_ENABLE'] = True
self.app.config['CAPTCHA_LENGTH'] = 5
self.app.testing = True
Session(self.app)
self.client = self.app.test_client()
def test_null_session(self):
app = flask.Flask(__name__)
Session(app)
def expect_exception(f, *args, **kwargs):
try:
f(*args, **kwargs)
except RuntimeError as e:
self.assertTrue(e.args and 'session is unavailable' in e.args[0])
else:
self.assertTrue(False, 'expected exception')
with app.test_request_context():
self.assertTrue(flask.session.get('missing_key') is None)
expect_exception(flask.session.__setitem__, 'foo', 42)
expect_exception(flask.session.pop, 'foo')
def create_app(info=None):
app = Flask(__name__)
app.config.from_object('config')
Session(app)
ckeditor = CKEditor(app)
gravatar = Gravatar(app,
size=100,
rating='pg',
default='identicon',
force_default=False,
force_lower=False,
use_ssl=True,
base_url=None)
app.register_blueprint(error_pages)
app.register_blueprint(nav)
app.register_blueprint(menu)
app.register_blueprint(user_view)
app.register_blueprint(admin_view)
app.register_blueprint(admin_forum_view)
app.register_blueprint(forum_view)
app.register_blueprint(warnings)
app.register_blueprint(log_view)
db.init_app(app)
SqlAlchemySessionInterface(app, db, "sessions", "my_", permanent=False)
migrate.init_app(app, db)
login_manager.init_app(app)
mail.init_app(app)
cli.init_app(app)
celery.conf.update(app.config)
reset_user_warnings.apply_async(countdown=60)
@app.before_request
def set_online_status():
from flask import request
from flask_login import current_user
if current_user.is_authenticated():
current_user.lastactive = datetime.utcnow()
rdb.setex(current_user.id, 600, current_user.display)
db.session.commit()
@app.shell_context_processor
def shell_context():
return {'app': app, 'db': db}
return app
def test_session_use_signer(self):
app = flask.Flask(__name__)
app.secret_key = 'test_secret_key'
app.config['SESSION_TYPE'] = 'redis'
app.config['SESSION_USE_SIGNER'] = True
Session(app)
@app.route('/set', methods=['POST'])
def set_val():
flask.session['value'] = flask.request.form['value']
return 'value set'
@app.route('/get')
def get():
return flask.session['value']
c = app.test_client()
self.assertEqual(c.post('/set', data={'value': '42'}).data, b'value set')
self.assertEqual(c.get('/get').data, b'42')
def create_app():
"""Construct the core application."""
app = Flask(__name__, instance_relative_config=False)
app.register_blueprint(auth_bp, url_prefix='/auth')
app.register_blueprint(errors_bp, url_prefix='/error')
app.config.from_object('config.Config')
db.init_app(app)
store.bind(db)
login_manager.init_app(app)
Session(app)
captcha = FlaskSessionCaptcha(app)
captcha.init_app(app)
with app.app_context():
from . import routes # Import routes
db.create_all() # Create sql tables for our data models
return app
def configure_saml(ssm_client, app):
# Create a SQLalchemy db for session and permission storge.
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///acforge.db'
app.config[
'SQLALCHEMY_TRACK_MODIFICATIONS'] = False # suppress warning messages
app.config['SESSION_TYPE'] = 'sqlalchemy'
db = SQLAlchemy(app)
session_store = Session(app)
session_store.app.session_interface.db.create_all()
# load permissions file
# TODO think about whether we want to restrict based on environment tags or regions
try:
with open(path.join(path.dirname(__file__),
'permissions.json')) as json_data:
app.json_perms = json.load(json_data)
except Exception:
log.error('could not open permissions.json; SAML auth will not work!')
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1)
log.info('SAML auth configured')
if getenv('SAML_METADATA_URL'):
app.config['SAML_METADATA_URL'] = getenv('SAML_METADATA_URL')
else:
try:
saml_protocol = ssm_client.get_parameter(
Name='atl_forge_saml_metadata_protocol', WithDecryption=True)
saml_url = ssm_client.get_parameter(
Name='atl_forge_saml_metadata_url', WithDecryption=True)
app.config[
'SAML_METADATA_URL'] = f"{saml_protocol['Parameter']['Value']}://{saml_url['Parameter']['Value']}"
except Exception:
log.error(
'SAML is configured but there is no SAML metadata URL in the parameter store - exiting'
)
sys.exit(1)
flask_saml.FlaskSAML(app)
def create_app():
app = Flask(__name__)
# sessionを使う際にSECRET_KEYを設定
app.config['SECRET_KEY'] = b'R\x1c`\x8d\xed_\xe5\xd6\x8d\xef\xc6\x19g- J'
# ここから /// 画像アップロードの設定
# 画像のアップロード先のディレクトリ
app.config["IMAGE_UPLOADS"] = 'flmapp/static/user_image'
app.config["ORIGINAL_IMAGE_UPLOADS"] = 'flmapp/static/original_user_image'
app.config["ITEM_IMAGE_UPLOADS"] = 'flmapp/static/item_image'
app.config["ITEM_TEMP_IMAGE_UPLOADS"] = 'flmapp/static/item_temp_image'
app.config[
"ORIGINAL_ITEM_IMAGE_UPLOADS"] = 'flmapp/static/original_item_image'
# アップロードされる拡張子の制限
app.config["ALLOWED_IMAGE_EXTENSIONS"] = ["JPEG", "JPG", "PNG", "GIF"]
# 画像サイズの制限
app.config["MAX_IMAGE_FILESIZE"] = 0.5 * 1024 * 1024
# ここまで /// 画像アップロードの設定
# ここから /// データベースの設定
# DBはSQLiteを使う
#! パスを変えてください
app.config['SQLALCHEMY_DATABASE_URI'] = \
'sqlite:///' + "/Users/shimomuramei/Desktop/set_prefs/data.sqlite"
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['SQLALCHEMY_ECHO'] = False
# ここまで /// データベースの設定
# ここから /// メール送信の設定
app.config['DEBUG'] = True # デバッグのサポート
app.config['TESTING'] = False
app.config['MAIL_SERVER'] = 'smtp.gmail.com'
app.config['MAIL_PORT'] = 587
app.config['MAIL_USE_TLS'] = True
app.config['MAIL_USE_SSL'] = False
app.config['MAIL_USERNAME'] = '******'
app.config['MAIL_PASSWORD'] = '******'
app.config['MAIL_DEFAULT_SENDER'] = '*****@*****.**'
app.config['MAIL_MAX_EMAILS'] = 5 #送信するメールの最大数
app.config['MAIL_SUPPRESS_SEND'] = False
app.config['MAIL_ASCII_ATTACHHMENTS'] = False
# ここまで /// メール送信の設定
# ここから /// キャプチャの設定
app.config['CAPTCHA_ENABLE'] = True
app.config['CAPTCHA_LENGTH'] = 5
app.config['CAPTCHA_WIDTH'] = 160
app.config['CAPTCHA_HEIGHT'] = 100
app.config['SESSION_TYPE'] = 'sqlalchemy'
# ここまで /// キャプチャの設定
db.init_app(app)
migrate.init_app(app, db)
login_manager.init_app(app)
mail.init_app(app)
Session(app)
captcha = FlaskSessionCaptcha(app)
CSRFProtect(app)
# カスタムテンプレートフィルターの登録
app.add_template_filter(replace_newline)
# 分割したblueprintを登録する
from flmapp.views import (auth, mypage, route, sell, item, buy,
transaction, ajax, user, history, search,
todolist)
app.register_blueprint(auth.bp)
app.register_blueprint(mypage.bp)
app.register_blueprint(route.bp)
app.register_blueprint(sell.bp)
app.register_blueprint(item.bp)
app.register_blueprint(buy.bp)
app.register_blueprint(transaction.bp)
app.register_blueprint(ajax.bp)
app.register_blueprint(user.bp)
app.register_blueprint(history.bp)
app.register_blueprint(search.bp)
app.register_blueprint(todolist.bp)
return app
import flask from flask_sessionstore import Session # from pfchar.settings import SECRET_KEY, DEBUG from pfchar.settings import DEBUG from pfchar.server.views import Views from pfchar.server.routes import Routes from pfchar.server.rest import RESt from pfchar.database.connection import redis_instance_sessions app = flask.Flask(__name__) SESSION_TYPE = 'redis' SESSION_REDIS = redis_instance_sessions app.config.from_object(__name__) Session(app) views = Views() rest = RESt() routes = Routes(app, views, rest)
# app.permanent_session_lifetime = timedelta(minutes=5)
# Custom filter
app.jinja_env.filters["usd"] = usd
# Configure session to use filesystem (instead of signed cookies)
# app.config["SESSION_FILE_DIR"] = mkdtemp()
# app.config["SESSION_PERMANENT"] = True
# app.config["SESSION_TYPE"] = "filesystem"
# Session(app)
# Configure session to use sqlalchemy (instead of signed cookies)
app.config['SESSION_TYPE'] = 'sqlalchemy'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
session1 = Session(app)
session1.app.session_interface.db.create_all()
# Configure CS50 Library to use SQLite database
if os.environ.get("ENVIRONMENT") == "DEV":
db = SQL("sqlite:///finance-dev.db")
elif os.environ.get("ENVIRONMENT") == "PROD":
db = SQL("sqlite:///finance.db")
else:
raise RuntimeError("ENVIRONMENT not set")
# Make sure API key is set
if not os.environ.get("API_KEY"):
raise RuntimeError("API_KEY not set")
import config
IMAGE_NAME = "./static/very_good_security.png"
MAX_COOKIE_SIZE = 100
from werkzeug.debug import DebuggedApplication
app = Flask(__name__)
app.secret_key = config.SECRET_KEY
app.config['SESSION_TYPE'] = 'filesystem'
app.config['ENV'] = 'development'
app.config['TESTING'] = True
app.wsgi_app = DebuggedApplication(app.wsgi_app, True)
app.debug = True
sess = Session()
sess.init_app(app)
if __name__ == "__main__":
app.run(host='0.0.0.0:5000')
@app.route('/', methods=('GET', 'POST'))
def index():
if request.method == 'GET':
return initiate_page()
if request.method == 'POST':
return prepare_pixel_payload()
def initiate_page():
# Download the image and get an RGB pixel array
login_manager.init_app(flask_app)
# flask_app.config['SESSION_TYPE'] = 'redis'
#print("CONFIG", flask_app.config)
#flask_app.config.from_object(Config)
#SESSION_TYPE = 'redis'
#flask_app.config.from_object(__name__)
#sess = Session()
#sess.init_app(flask_app)
flask_app.config.update(config)
Session(flask_app)
# Flask-Login helper to retrieve a user from our db
@login_manager.user_loader
def load_user(user_id):
app = App(request.host)
# print("load user", app, user_id)
try:
return User.get(app, user_id)
except UserNotFound:
return None
# OAuth 2 client setup
# client = WebApplicationClient(GOOGLE_CLIENT_ID)
# def __init__(self , loggeduser , lastlogintime, lastlogouttime,):
# self.loggeduser = loggeduser
# self.lastlogintime = lastlogintime
# self.lastlogouttime = lastlogouttime
# def __init__(self , loggeduser , lastlogintime, lastlogouttime):
# self.loggeduser = loggeduser
# self.lastlogintime = lastlogintime
# self.lastlogouttime = lastlogouttime
#users = db.relationship(users)
#WTF_CSRF_ENABLED = True
# cache = Cache(app, config={'CACHE_TYPE': 'simple'})
sess = Session(app)
csrf = CSRFProtect(app)
csrf.init_app(app)
#sess.init_app(app)
#@app.route('/robots.txt', methods=['POST', 'GET'])
#def static_from_root():
# return send_from_directory(app.static_folder, request.path[1:])
@app.route('/register', methods=['POST', 'GET'])
def register():
if request.method == 'POST':
checkuserspecial = request.form['username']
if not (regex.search(checkuserspecial) == None):
flash('Username has special Characters bro, try again.')
return redirect(url_for('register'))
from flask_migrate import Migrate, MigrateCommand
if db.engine.url.drivername == 'sqlite':
migrate = Migrate(app, db, compare_type=True, render_as_batch=True)
else:
migrate = Migrate(app, db, compare_type=True)
manager = Manager(app)
manager.add_command('db', MigrateCommand)
# Captcha
captcha = None
if app.config.get('CAPTCHA', 1) == 1:
try:
from flask_sessionstore import Session, SqlAlchemySessionInterface
from captchas import MyFlaskSessionCaptcha as FlaskSessionCaptcha
app.config['SESSION_TYPE'] = 'sqlalchemy'
session = Session(app)
SqlAlchemySessionInterface(app, db, "sessions", "sess_")
# session.app.session_interface.db.create_all()
app.config['CAPTCHA_ENABLE'] = True
app.config['CAPTCHA_LENGTH'] = 5
app.config['CAPTCHA_WIDTH'] = 320
app.config['CAPTCHA_HEIGHT'] = 50
captcha = FlaskSessionCaptcha(app)
except:
app.logger.info("flask_sessionstore non fonctionnel")
app.config['CAPTCHA'] = 0
# Connexion avec Flask_mail
try:
from flask_mail import Mail
mail = Mail(app)
import PIL
from brother_ql.conversion import convert
from brother_ql.backends.helpers import send
from brother_ql.raster import BrotherQLRaster
# unit: pixels
PRINT_WIDTH=696
# app setup
app = Flask(__name__)
app.config.from_object(__name__)
app.secret_key = os.urandom(24)
app.config['SESSION_TYPE'] = 'filesystem'
Session(app) #server side storage config
# return css static files
@app.route('/Semantic-UI-CSS/<path:path>')
def send_js(path):
return send_from_directory('Semantic-UI-CSS', path)
# return a label svg template from collection
@app.route('/svgtemplate/<path:path>')
def send_label(path):
is_recent = path.startswith('recent')
path = os.path.join('templates', 'labels', path)
cached_png = path.replace('.svg', '.png')
if not os.path.exists(cached_png) or os.path.getmtime(path) > os.path.getmtime(cached_png):
#DATABASE = '/tmp/minitwit.db'
PER_PAGE = 30
DEBUG = True
SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
# create our little application :)
app = Flask('minitwit')
app.config.from_object(__name__)
# No longer needed to have unique settings after Session DB reconfigure
# app.config.from_envvar('MINITWIT_SETTINGS', silent=True)
# Session DB config..
#app.config['SESSION_TYPE'] = 'sqlalchemy'
app.config['SESSION_TYPE'] = 'redis'
#app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:////tmp/minitwit.db'
#app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = 'True'
session_app = Session(app)
api_basic_auth = ApiBasicAuth(app)
mongo = PyMongo(app)
#def init_db():
# Added for Session DB
# We can consider migrating this to MongoDB as well via http://flask.pocoo.org/snippets/110/
# session_app.app.session_interface.db.create_all()
#@app.cli.command('initdb')
#def initdb_command():
# """Creates the database tables."""
# init_db()
# print('Initialized the database.')
PER_PAGE = 30
DEBUG = False
SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
# create our little application :)
app = Flask('minitwit')
app.config.from_object(__name__)
client = MongoClient('localhost')
mongo = PyMongo(app) # MONGO CODE
app.config.update(dict(DEBUG=True, SECRET_KEY='development key'))
REDIS_URL = os.getenv('REDISTOGO_URL', 'redis://*****:*****@app.route('/set', methods=['POST'])
# def set_val():
# flask.session['value'] = flask.request.form['value']
# return 'value set'
#
# @app.route('/get')
# def get():
from flask_sqlalchemy import SQLAlchemy
from flask_uploads import configure_uploads, patch_request_class
from flask_wtf.csrf import CSRFProtect
from redis import Redis
from werkzeug.exceptions import default_exceptions
# DEBUG ONLY
# from flask_cors import CORS
api = Api()
db = SQLAlchemy()
csrf = CSRFProtect()
mail = Mail()
security = Security()
sess = Session()
socketio = SocketIO(manage_session=False)
redisInstance = Redis()
def create_app():
"""Create Onitools aplication."""
app = Flask(__name__)
# App configuration
app.config.from_object('onitools.app.default_settings')
app.config.from_envvar('ONITOOLS_SETTINGS')
from .models import user_datastore