Config, secrets, basic POST handling

* add script/config * add atst.ini * add cookie_secret * update docs
2018-05-31 13:55:18 -04:00 · 2018-05-31 13:55:18 -04:00 · a340eede07
commit a340eede07
parent 6cf7a7bffa
11 changed files with 43 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -17,6 +17,7 @@ __pycache__
 # Compiled python bytecode files
 *.pyc
 .cache/
+atst.ini

 # static/fonts for now, since it is just symlink
 static/fonts
--- a/README.md
+++ b/README.md
@ -15,6 +15,16 @@ To enter the virtualenv manually (a la `source .venv/bin/activate`):

 If you want to automatically load the virtual environment whenever you enter the project directory, take a look at [direnv](https://direnv.net/).  An `.envrc` file is included in this repository.  direnv will activate and deactivate virtualenvs for you when you enter and leave the directory.

+## Configuration
+
+A sample configuration is included in atst.ini.example.
+
+    cp atst.ini.example atst.ini
+
+Be sure to modify it and change the 'secret' key.
+
+`script/config` (called by script/setup) will provide a default configuration.
+
 ## Running (development)

 To start the app and watch for changes:
--- a/app.py
+++ b/app.py
@ -1,6 +1,5 @@
 #!/usr/bin/env python

-import os
 import tornado.ioloop

 from atst.app import make_app, make_config
--- a/atst.ini.example
+++ b/atst.ini.example
@ -0,0 +1,2 @@
+[server]
+secret = change_me_into_something_secret
--- a/atst/app.py
+++ b/atst/app.py
@ -16,7 +16,7 @@ from atst.api_client import ApiClient
 ENV = os.getenv("TORNADO_ENV", "dev")


-def make_app(config):
+def make_app(config,**kwargs):

    authz_client = ApiClient(config["default"]["AUTHZ_BASE_URL"])
    authnid_client = ApiClient(config["default"]["AUTHNID_BASE_URL"])
--- a/atst/handlers/request_new.py
+++ b/atst/handlers/request_new.py
@ -1,5 +1,6 @@
 import tornado
 from atst.handler import BaseHandler
+import tornado.httputil

 class RequestNew(BaseHandler):
    screens = [
@ -23,6 +24,18 @@ class RequestNew(BaseHandler):
    def initialize(self, page):
        self.page = page

+    @tornado.web.authenticated
+    def post(self, screen = 1):
+        self.check_xsrf_cookie()
+        all = {
+                    arg: self.get_argument(arg)
+                        for arg in self.request.arguments
+                        if not arg.startswith('_')
+               }
+        print( all )
+        import json
+        self.write( json.dumps( all ) )
+
    @tornado.web.authenticated
    def get(self, screen = 1):
        self.render( 'requests/screen-%d.html.to' % int(screen),
@ -30,4 +43,3 @@ class RequestNew(BaseHandler):
                    screens = self.screens,
                    current = int(screen),
                    next_screen = int(screen) + 1 )
-
--- a/script/config
+++ b/script/config
@ -0,0 +1,3 @@
+cp atst.ini.example atst.ini
+rand=`head -c 400 /dev/random | tr -dc A-Za-z0-9_=,@-`
+perl -p -i -e "s/change_me_into_something_secret/$rand/" atst.ini
--- a/script/setup
+++ b/script/setup
@ -24,5 +24,8 @@ fi
 # Install application dependencies
 script/bootstrap

+# Generate default configuration
+script/config
+
 # Symlink uswds fonts into the /static directory
 ln -s ../node_modules/uswds/src/fonts ./static/fonts
--- a/templates/requests/screen-1.html.to
+++ b/templates/requests/screen-1.html.to
@ -3,7 +3,7 @@
 {% block form %}
 <h2>Details of Use</h2>
 <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Doloremque placeat distinctio accusamus quo temporibus facilis, dicta delectus asperiores. Nihil aut quod quibusdam id fugit, officia dolorum laudantium! Quidem tempora, aliquam.</p>
-<form>
+
  <h3 id="application-details">Application Details</h3>
  <p>These headings introduce, respectively, sections and subsections within your body copy. As you create these headings, follow the same guidelines that you use when writing section headings: Be succinct, descriptive, and precise.</p>

@ -143,15 +143,4 @@
  <input id="" name="" type="text" placeholder="Total number of environments">


-
-
-  <br><br>
-
-  <button class="usa-button-secondary">Create Application</button>
-  <br>
-  <button class="usa-button-secondary" disabled>Save &amp; Continue</button>
-
-</form>
-
-
 {% end %}
--- a/templates/requests_new.html.to
+++ b/templates/requests_new.html.to
@ -8,19 +8,21 @@

 <h1>New Request</h1>

-
 <aside class="sidenav usa-width-one-third">
  {% include 'requests/sidebar.html.to' %}
 </aside>

 <main class="main-content usa-width-two-thirds">

-  {% block form %}
+    <form method='POST' action='{{ reverse_url('request_form', current) }}'>
+    {% module xsrf_form_html() %}
+    {% block form %}
    form goes here
-  {% end %}
-  {% block next %}
-    <a class='usa-button usa-button-primary' href='{{ reverse_url('request_form',next_screen) }}'>Save &amp; Continue</a>
-  {% end %}
+    {% end %}
+    {% block next %}
+    <input type='submit' class='usa-button usa-button-primary' value='Save & Continue' />
+    {% end %}
+    </form>

 </main>