We do not rely on the ADMIN_PASSWORD being defined
or not to ask for admin permissions.
Instead we now have a flexible admin auth that can
be conditionnaly bypassed
* Turn the WSGI file into a python module
* Update conf files to use the new wsgi module
Apache and gunicorn now use the same entrypoint
* Update Changelog
Additionnal files to be distributed along
with the sources are already specified in
the MANIFEST.in file thus the package_data
entry in the setup script can be safely removed
* Use a hashed password for ADMIN_PASSWORD
A generate_password_hash manage.py command is provided
Fixes#233
* Print a console warning for users using a clear text ADMIN_PASSWORD
* Reword ADMIN_PASSWORD doc
* Update changelog
* Update CHANGELOG.rst
- say it out loud
- bump to 2.0 (that's the logic of semantic versioning while introducing breaking changes)
* Bump to 2.0 (breaking change)
* Update hashed password warning message
* Mention the generate password hash in the Changelog
* Add a @requires_admin decorator
It can be used to protect specific endpoints with ADMIN_PASSWORD
(a password that is stored unencrypted in the settings)
The decorator has no effect if ADMIN_PASSWORD is an empty string (default value)
* Require admin permissions to access create project endpoint
When ADMIN_PASSWORD is not empty, project creation form on the
home page will be replaced by a link to the create project endpoint
so one is able to enter the admin password before filling the form
Default settings from app's root path are loaded first
Settings are then overriden by /etc/ihatemoney/ihatemoney.cfg
or by another file which path is set in an env var
Fixes#187
* Fix Python lookup in the Makefile
* Improve the Makefile
To make sure calling for "make serve"
works straight away, the dependencies are
automatically prepared. A "make clean" has
been added, to test this feature.
Add the possibilty to run ihatemoney via Apache mod_wsgi
ihatemoney.wsgi is the entry point for mod_wsgi.
A virtualenv can be activated if its path is specified as
an env var in the apache virtual host file
It was triggering a warning :
> copying static files... WARNING: html_static_path entry u'/home/jocelyn/dev/ihatemoney/docs/_static' does not exist
To my knowledge it was not used, and the _static dir do not even exist. Let me know if I am wrong.
Removes py3-only warning (this alias might be removed in future py3 version):
> DeprecationWarning: encodestring() is a deprecated alias, use encodebytes()
> ('%s:%s' % (username, password)).encode('utf-8')).decode('utf-8').replace('\n', '')
py2-compatible change.
It is a bare alias of StringField (thus, no alembic migration is required),
deprecated since wtforms v2.0 (2013).
Removes the following warning:
> DeprecationWarning: The TextField alias for StringField has been deprecated and will be removed in WTForms 3.0
Ref f07729dd45
That noisy warning was everywhere in our test/CI logs before that commit:
> ./home/travis/build/spiral-project/ihatemoney/.tox/py27/lib/python2.7/site-packages/flask_sqlalchemy/__init__.py:839: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future. Set it to True or False to suppress this warning.
>
> 'SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhe
