Merge c8d5ae4015 into 4410aaa504

2025-05-05 12:41:49 +02:00 · 2017-05-08 20:19:01 +00:00 · 2017-05-08 20:19:01 +00:00 · 658abc6523
commit 658abc6523
parent 4410aaa504 c8d5ae4015
8 changed files with 89 additions and 6 deletions
--- a/budget/default_settings.py
+++ b/budget/default_settings.py
@ -8,3 +8,7 @@ SQLALCHEMY_TRACK_MODIFICATIONS = False
 SECRET_KEY = "tralala"

 MAIL_DEFAULT_SENDER = ("Budget manager", "budget@notmyidea.org")
+
+ADMIN_PASS = ""
+
+PUBLIC_PROJECT_CREATION = True
--- a/budget/forms.py
+++ b/budget/forms.py
@ -83,6 +83,11 @@ class AuthenticationForm(FlaskForm):
    submit = SubmitField(_("Get in"))


+class AdminAuthenticationForm(FlaskForm):
+    admin_pass = PasswordField(_("Admin password"), validators=[Required()])
+    submit = SubmitField(_("Get in"))
+
+
 class PasswordReminder(FlaskForm):
    id = StringField(_("Project identifier"), validators=[Required()])
    submit = SubmitField(_("Send me the code by email"))
--- a/budget/templates/authenticate.html
+++ b/budget/templates/authenticate.html
@ -7,7 +7,13 @@
 to") }} <a href="{{ url_for(".create_project", project_id=create_project) }}">{{ _("create it") }}</a>{{ _("?") }}
 </p>
 {% endif %}
+{% if admin %}
+<form class="form-horizontal" method="POST" accept-charset="utf-8">
+    {{ forms.authenticate_admin(form) }}
+</form>
+{% else %}
 <form class="form-horizontal" method="POST" accept-charset="utf-8">
    {{ forms.authenticate(form) }}
 </form>
+{% endif %}
 {% endblock %}
--- a/budget/templates/forms.html
+++ b/budget/templates/forms.html
@ -45,6 +45,16 @@

 {% endmacro %}

+{% macro authenticate_admin(form) %}
+
+    {% include "display_errors.html" %}
+
+    {{ form.hidden_tag() }}
+    {{ input(form.admin_pass) }}
+    {{ submit(form.submit) }}
+
+{% endmacro %}
+
 {% macro create_project(form, home=False) %}

    {% include "display_errors.html" %}
--- a/budget/templates/home.html
+++ b/budget/templates/home.html
@ -5,7 +5,9 @@
    <header id="header" class="row">
      <div class="col-5  offset-md-2">
            <h2>{{ _("Manage your shared <br>expenses, easily") }}</h2>
+            {% if public_project_creation %}
            <a href="{{ url_for(".demo") }}" class="tryout btn">{{ _("Try out the demo")  }}</a>
+            {% endif %}
        </div>
        <div class="col-4">
            <p class="additional-content">{{ _("You're sharing a house?") }}<br /> {{ _("Going on holidays with friends?") }}<br /> {{ _("Simply sharing money with others?") }} <br /><strong>{{ _("We can help!") }}</strong></p>
@ -26,6 +28,7 @@
            </form>
        </div>
        <div class="col-3 offset-md-1">
+            {% if public_project_creation %}
            <form id="creation-form" class="form-horizontal" action="{{ url_for(".create_project") }}" method="post">
                <fieldset class="form-group">
                    <legend>...{{ _("or create a new one") }}</legend>
@ -35,6 +38,9 @@
                    <button class="btn" type="submit">{{ _("let's get started") }}</button>
                </div>
            </form>
+            {% else %}
+            <a href="{{ url_for(".create_project") }}">...{{ _("or create a new one") }}</a>
+            {% endif %}
        </main>
    </div>
 {% endblock %}
--- a/budget/translations/fr/LC_MESSAGES/messages.mo
+++ b/budget/translations/fr/LC_MESSAGES/messages.mo
--- a/budget/translations/fr/LC_MESSAGES/messages.po
+++ b/budget/translations/fr/LC_MESSAGES/messages.po
@ -41,6 +41,10 @@ msgstr "Email"
 msgid "Project identifier"
 msgstr "Identifiant du projet"

+#: forms.py:87
+msgid "Admin password"
+msgstr "Mot de passe administrateur"
+
 #: forms.py:87 templates/send_invites.html:5
 msgid "Create the project"
 msgstr "Créer le projet"
@ -158,6 +162,10 @@ msgstr "remboursements"
 msgid "Export file format"
 msgstr "Format du fichier d'export"

+#: web.py:95
+msgid "This admin password is not the right one"
+msgstr "Le mot de passe administrateur que vous avez entré n'est pas correct"
+
 #: web.py:95
 msgid "This private code is not the right one"
 msgstr "Le code que vous avez entré n'est pas correct"
--- a/budget/web.py
+++ b/budget/web.py
@ -16,11 +16,12 @@ from flask_babel import get_locale, gettext as _
 from smtplib import SMTPRecipientsRefused
 import werkzeug
 from sqlalchemy import orm
+from functools import wraps

 # local modules
 from models import db, Project, Person, Bill
-from forms import AuthenticationForm, EditProjectForm, InviteForm, \
-    MemberForm, PasswordReminder, ProjectForm, get_billform_for, \
+from forms import AdminAuthenticationForm, AuthenticationForm, EditProjectForm, \
+    InviteForm, MemberForm, PasswordReminder, ProjectForm, get_billform_for, \
    ExportForm
 from utils import Redirect303, list_of_dicts2json, list_of_dicts2csv

@ -28,6 +29,19 @@ main = Blueprint("main", __name__)
 mail = Mail()


+def require_admin(f):
+    """Require admin permissions for @require_admin decorated endpoints.
+       Has no effect if ADMIN_PASS is empty (default value)
+    """
+    @wraps(f)
+    def admin_auth(*args, **kws):
+        admin_pass = session.get('admin_pass', '')
+        if not admin_pass == current_app.config['ADMIN_PASS']:
+            raise Redirect303(url_for('.authenticate_admin', goto=request.path))
+        return f(*args, **kws)
+    return admin_auth
+
+
@main.url_defaults
 def add_project_id(endpoint, values):
    """Add the project id to the url calls if it is expected.
@ -66,6 +80,23 @@ def pull_project(endpoint, values):
                    url_for(".authenticate", project_id=project_id))


+@main.route("/authenticate_admin", methods=["GET", "POST"])
+def authenticate_admin():
+    """Admin authentication"""
+    form = AdminAuthenticationForm()
+    goto = request.args.get('goto', url_for('.home'))
+    if request.method == "POST":
+        if form.validate():
+            if form.admin_pass.data == current_app.config['ADMIN_PASS']:
+                session['admin_pass'] = form.admin_pass.data
+                session.update()
+                return redirect(goto)
+            else:
+                msg = _("This admin password is not the right one")
+                form.errors['admin_pass'] = [msg]
+    return render_template("authenticate.html", form=form, admin=True)
+
+
@main.route("/authenticate", methods=["GET", "POST"])
 def authenticate(project_id=None):
    """Authentication form"""
@ -119,13 +150,20 @@ def authenticate(project_id=None):

@main.route("/")
 def home():
-    project_form = ProjectForm()
    auth_form = AuthenticationForm()
-    return render_template("home.html", project_form=project_form,
-            auth_form=auth_form, session=session)
+    public_project_creation = current_app.config['PUBLIC_PROJECT_CREATION']
+    if public_project_creation:
+        project_form = ProjectForm()
+        return render_template("home.html", project_form=project_form,
+                               public_project_creation=public_project_creation,
+                               auth_form=auth_form, session=session)
+    # If public_project_creation is False we don't need to pass a project form to home
+    return render_template("home.html", public_project_creation=public_project_creation,
+                           auth_form=auth_form, session=session)


@main.route("/create", methods=["GET", "POST"])
+@require_admin
 def create_project():
    form = ProjectForm()
    if request.method == "GET" and 'project_id' in request.values:
@ -259,8 +297,14 @@ def demo():

    Create a demo project if it doesnt exists yet (or has been deleted)
    """
+    public_project_creation = current_app.config['PUBLIC_PROJECT_CREATION']
    project = Project.query.get("demo")
-    if not project:
+
+    # Demo project is not automatically created if public project creation is disabled
+    if not project and not public_project_creation:
+        raise Redirect303(url_for(".create_project",
+                                  project_id='demo'))
+    if not project and public_project_creation:
        project = Project(id="demo", name=u"demonstration", password="demo",
                contact_email="demo@notmyidea.org")
        db.session.add(project)