diff --git a/.gitignore b/.gitignore
index cb78e40b..f1083404 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ dist
docs/_build/
.tox
dist
+.cache/
diff --git a/budget/default_settings.py b/budget/default_settings.py
index f17651bc..e656ece2 100644
--- a/budget/default_settings.py
+++ b/budget/default_settings.py
@@ -11,7 +11,7 @@ MAIL_DEFAULT_SENDER = ("Budget manager", "budget@notmyidea.org")
ACTIVATE_DEMO_PROJECT = True
-ADMIN_PASSWORD = "pbkdf2:sha256:50000$jc3isZTD$b3be8d04ed5c2c1ac89d5eb777facc94adaee48d473c9620f1e0cb73f3dcfa11"
+ADMIN_PASSWORD = ""
ALLOW_PUBLIC_PROJECT_CREATION = True
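Review bot: The new empty default on the `ADMIN_PASSWORD` line is not paired with any visible startup check for the settings that the docs hunk in this same commit says require a non-empty value, namely `ALLOW_PUBLIC_PROJECT_CREATION = False` and `ACTIVATE_ADMIN_DASHBOARD = True`; the run.py hunk removes the old fallback-and-warn block without putting anything in its place. A deployment that disables public project creation but keeps the empty default therefore ships with project creation locked behind an admin login that can never succeed, and nothing tells the operator. In `configure()` (whose body is only partly visible in the run.py hunk) I would add `if not app.config['ADMIN_PASSWORD'] and (not app.config['ALLOW_PUBLIC_PROJECT_CREATION'] or app.config['ACTIVATE_ADMIN_DASHBOARD']):` followed by a `warnings.warn(..., UserWarning)` explaining that these settings are inert until a password hash is generated with `./budget/manage.py generate_password_hash`. The exact config key names are taken from the removed lines and from this hunk; confirm they match the rest of configure().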
diff --git a/budget/run.py b/budget/run.py
index 8144707f..5e65c905 100644
--- a/budget/run.py
+++ b/budget/run.py
@@ -71,19 +71,6 @@ def configure():
UserWarning
)
- if not app.config['ADMIN_PASSWORD']:
- app.config['ADMIN_PASSWORD'] = default_settings.ADMIN_PASSWORD
- # Since 2.0
- warnings.warn(
- "The way Ihatemoney handles admin authentication has changed. You seem to be using "
- + "an empty ADMIN_PASSWORD which is not supported anymore. Your ADMIN_PASWWORD has been"
- + " automatically set to the default password to let you access your admin endpoints."
- + " However this password is not secure and must be changed in your settings file. Use"
- + " the command './budget/manage.py generate_password_hash' to generate a proper"
- + " password hash and copy the output to the value of ADMIN_PASSWORD",
- UserWarning
- )
-
configure()
diff --git a/budget/templates/admin.html b/budget/templates/admin.html
new file mode 100644
index 00000000..95fe68b2
--- /dev/null
+++ b/budget/templates/admin.html
@@ -0,0 +1,12 @@
+{% extends "layout.html" %}
+{% block content %}
+
Authentication
+
+{% if is_admin_auth_enabled %}
+
+{% else %}
+{{ _("Administration tasks are currently not activated.") }}
+{% endif %}
+{% endblock %}
diff --git a/budget/templates/authenticate.html b/budget/templates/authenticate.html
index f241c487..98914d09 100644
--- a/budget/templates/authenticate.html
+++ b/budget/templates/authenticate.html
@@ -7,13 +7,7 @@
to") }} {{ _("create it") }}{{ _("?") }}
{% endif %}
-{% if admin_auth %}
-
-{% else %}
-{% endif %}
{% endblock %}
diff --git a/budget/templates/layout.html b/budget/templates/layout.html
index bb4153d0..07edb0c1 100644
--- a/budget/templates/layout.html
+++ b/budget/templates/layout.html
@@ -70,7 +70,7 @@
{% endif %}
fr
en
- {% if g.is_dashboard_activated %}
+ {% if g.show_admin_dashboard_link %}
{{ _("Dashboard") }}
{% endif %}
diff --git a/budget/tests/tests.py b/budget/tests/tests.py
index bb265316..040936f3 100644
--- a/budget/tests/tests.py
+++ b/budget/tests/tests.py
@@ -614,6 +614,7 @@ class BudgetTestCase(TestCase):
# test access to the dashboard when it is activated
run.app.config['ACTIVATE_ADMIN_DASHBOARD'] = True
+ run.app.config['ADMIN_PASSWORD'] = generate_password_hash("adminpass")
resp = self.app.post("/admin?goto=%2Fdashboard", data={'admin_password': 'adminpass'},
follow_redirects=True)
self.assertIn('Project | Number of members', resp.data.decode('utf-8'))
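Review bot: The added `run.app.config['ADMIN_PASSWORD'] = generate_password_hash("adminpass")` line only exercises the enabled path; nothing in the test checks that the new default, an empty `ADMIN_PASSWORD`, actually keeps the dashboard and the `/admin` POST closed, which is the behaviour this commit is meant to guarantee. Add the negative case right after this assertion, reusing the same request: `run.app.config['ADMIN_PASSWORD'] = ""`, the same `self.app.post(...)` call, then `self.assertNotIn('Project | Number of members', resp.data.decode('utf-8'))`. The hunk sits inside a test method whose start is outside it, and `generate_password_hash` is presumably imported at the top of tests.py; confirm both.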
diff --git a/budget/translations/fr/LC_MESSAGES/messages.mo b/budget/translations/fr/LC_MESSAGES/messages.mo
index 9797791b..5e2cc5fe 100644
Binary files a/budget/translations/fr/LC_MESSAGES/messages.mo and b/budget/translations/fr/LC_MESSAGES/messages.mo differ
diff --git a/budget/translations/fr/LC_MESSAGES/messages.po b/budget/translations/fr/LC_MESSAGES/messages.po
index eec04676..09b5af70 100644
--- a/budget/translations/fr/LC_MESSAGES/messages.po
+++ b/budget/translations/fr/LC_MESSAGES/messages.po
@@ -247,6 +247,10 @@ msgstr "le créer"
msgid "?"
msgstr " ?"
+#: templates/authenticate.html:7
+msgid "Administration tasks are currently not activated."
+msgstr "Les tâches d'administration sont actuellement désactivées."
+
#: templates/create_project.html:4
msgid "Create a new project"
msgstr "Créer un nouveau projet"
diff --git a/budget/web.py b/budget/web.py
index 95909158..ea49a2e2 100644
--- a/budget/web.py
+++ b/budget/web.py
@@ -69,11 +69,13 @@ def add_project_id(endpoint, values):
@main.url_value_preprocessor
-def set_is_dashboard_activated(endpoint, values):
- """Set is_dashboard_activated application wide
+def set_show_admin_dashboard_link(endpoint, values):
+ """Set show_admin_dashboard_link application wide
so this variable can be used in the layout template
"""
- g.is_dashboard_activated = current_app.config["ACTIVATE_DASHBOARD"]
+
+ g.show_admin_dashboard_link = (current_app.config["ACTIVATE_ADMIN_DASHBOARD"] and
+ current_app.config["ADMIN_PASSWORD"])
@main.url_value_preprocessor
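Review bot: On the new `g.show_admin_dashboard_link = (... and ...)` assignment, the value stored is the `ADMIN_PASSWORD` hash string itself whenever both operands are truthy, because `a and b` evaluates to `b`, so a name that reads as a boolean carries the password hash into every template context. `layout.html` only tests truthiness, but any template, error page or debug tooling that dumps `g` would print the hash. Coerce it: `g.show_admin_dashboard_link = bool(current_app.config["ACTIVATE_ADMIN_DASHBOARD"] and current_app.config["ADMIN_PASSWORD"])`. The docstring could also state that the link is hidden when ADMIN_PASSWORD is empty, which is the behaviour this commit introduces.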
@@ -106,9 +108,12 @@ def pull_project(endpoint, values):
@main.route("/admin", methods=["GET", "POST"])
def admin():
- """Admin authentication"""
+ """Admin authentication
+ When ADMIN_PASSWORD is empty, admin authentication is deactivated
+ """
form = AdminAuthenticationForm()
goto = request.args.get('goto', url_for('.home'))
+ is_admin_auth_enabled = bool(current_app.config['ADMIN_PASSWORD'])
if request.method == "POST":
if form.validate():
if check_password_hash(current_app.config['ADMIN_PASSWORD'], form.admin_password.data):
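Review bot: The POST branch still runs `check_password_hash(current_app.config['ADMIN_PASSWORD'], ...)` even when the newly added `is_admin_auth_enabled` is False, so with the new empty default the rejection of a submitted password depends on the hash-checking library treating `""` as a malformed hash rather than on the flag computed three lines earlier. Make the disabled state explicit so the two cannot drift: `if request.method == "POST" and is_admin_auth_enabled:`, or return the "not activated" rendering before the form is processed at all. `admin()` continues in the next hunk and past it, so the later redirect path is not visible here.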
@@ -118,7 +123,8 @@ def admin():
else:
msg = _("This admin password is not the right one")
form.errors['admin_password'] = [msg]
- return render_template("authenticate.html", form=form, admin_auth=True)
+ return render_template("admin.html", form=form,
+ is_admin_auth_enabled=is_admin_auth_enabled)
@main.route("/authenticate", methods=["GET", "POST"])
diff --git a/docs/installation.rst b/docs/installation.rst
index 59e658e7..610a844b 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -85,15 +85,16 @@ properly.
+------------------------------+---------------------------+----------------------------------------------------------------------------------------+
| ACTIVATE_DEMO_PROJECT | ``True`` | If set to `True`, a demo project will be available on the frontpage. |
+------------------------------+---------------------------+----------------------------------------------------------------------------------------+
-| | | Hashed password to access protected endpoints. The default password is ``adminpass``. |
-| | | **This needs to be changed** when you disable public project creation or activate the |
-| ADMIN_PASSWORD | ``"pbkdf2:sha256:50.."`` | dashboard. |
+| | | Hashed password to access protected endpoints. When left empty, all administrative |
+| ADMIN_PASSWORD | ``""`` | tasks are disabled. |
| | | To generate the proper password HASH, use ``./budget/manage.py generate_password_hash``|
| | | and copy its output into the value of *ADMIN_PASSWORD*. |
+------------------------------+---------------------------+----------------------------------------------------------------------------------------+
| ALLOW_PUBLIC_PROJECT_CREATION| ``True`` | If set to `True`, everyone can create a project without entering the admin password |
+| | | If set to `False`, a non empty ADMIN_PASSWORD needs to be set |
+------------------------------+---------------------------+----------------------------------------------------------------------------------------+
| ACTIVATE_ADMIN_DASHBOARD | ``False`` | If set to `True`, the dashboard will become accessible entering the admin password |
+| | | If set to `True`, a non empty ADMIN_PASSWORD needs to be set |
+------------------------------+---------------------------+----------------------------------------------------------------------------------------+
.. _`the SQLAlechemy documentation`: http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls
|
---|