Config, secrets, basic POST handling

* add script/config
  * add atst.ini
  * add cookie_secret
  * update docs
Brian Duggan 2018-05-31 13:55:18 -04:00 committed by Jason Garber
parent 6cf7a7bffa
commit a340eede07
11 changed files with 43 additions and 22 deletions

1
.gitignore vendored

@ -17,6 +17,7 @@ __pycache__
# Compiled python bytecode files
*.pyc
.cache/
atst.ini
# static/fonts for now, since it is just symlink
static/fonts


@ -15,6 +15,16 @@ To enter the virtualenv manually (a la `source .venv/bin/activate`):
If you want to automatically load the virtual environment whenever you enter the project directory, take a look at [direnv](https://direnv.net/). An `.envrc` file is included in this repository. direnv will activate and deactivate virtualenvs for you when you enter and leave the directory.
## Configuration
A sample configuration is included in atst.ini.example.
cp atst.ini.example atst.ini
Be sure to modify it and change the 'secret' key.
`script/config` (called by script/setup) will provide a default configuration.
## Running (development)
To start the app and watch for changes:

1
app.py

@ -1,6 +1,5 @@
#!/usr/bin/env python
import os
import tornado.ioloop
from atst.app import make_app, make_config

2
atst.ini.example Normal file

@ -0,0 +1,2 @@
[server]
secret = change_me_into_something_secret


@ -16,7 +16,7 @@ from atst.api_client import ApiClient
ENV = os.getenv("TORNADO_ENV", "dev")
def make_app(config):
def make_app(config,**kwargs):
authz_client = ApiClient(config["default"]["AUTHZ_BASE_URL"])
authnid_client = ApiClient(config["default"]["AUTHNID_BASE_URL"])
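Review bot: `make_app(config,**kwargs)` gains an open-ended `**kwargs` with no docstring, and the body that consumes it is outside this hunk. If the extra keywords are forwarded to `tornado.web.Application`, a docstring should state which settings callers may pass and whether they override values derived from `config`, since settings such as `cookie_secret` and `xsrf_cookies` are security-relevant. PEP 8 spacing would be `def make_app(config, **kwargs):`.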


@ -1,5 +1,6 @@
import tornado
from atst.handler import BaseHandler
import tornado.httputil
class RequestNew(BaseHandler):
screens = [
@ -23,6 +24,18 @@ class RequestNew(BaseHandler):
def initialize(self, page):
self.page = page
@tornado.web.authenticated
def post(self, screen = 1):
self.check_xsrf_cookie()
all = {
arg: self.get_argument(arg)
for arg in self.request.arguments
if not arg.startswith('_')
}
print( all )
import json
self.write( json.dumps( all ) )
@tornado.web.authenticated
def get(self, screen = 1):
self.render( 'requests/screen-%d.html.to' % int(screen),
@ -30,4 +43,3 @@ class RequestNew(BaseHandler):
screens = self.screens,
current = int(screen),
next_screen = int(screen) + 1 )
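Review bot: In the new `post` handler, `self.write( json.dumps( all ) )` passes a string to `write`, so Tornado keeps its default `text/html` content type and the submitted field values are echoed back into an HTML response without escaping. Passing the dict itself, `self.write(all)`, lets Tornado serialize it and set `Content-Type: application/json`. `print( all )` also copies every submitted form value to stdout, which will matter once these screens collect real request data; a logger call that records only the field names would be safer. The explicit `self.check_xsrf_cookie()` suggests the `xsrf_cookies` application setting may not be enabled (the settings are outside this hunk); enabling it in `make_app` would cover every handler rather than only this one. `all` shadows the builtin, and `import json` belongs at the top of the module.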

3
script/config Executable file

@ -0,0 +1,3 @@
cp atst.ini.example atst.ini
rand=`head -c 400 /dev/random | tr -dc A-Za-z0-9_=,@-`
perl -p -i -e "s/change_me_into_something_secret/$rand/" atst.ini
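Review bot: The generated secret is spliced into Perl source on the last line, and the `tr` alphabet allows `@`, so a run such as `@abc` inside `$rand` is interpolated by Perl as an (empty) array and the secret written to atst.ini is silently shorter than what was generated. Passing the value through the environment avoids any interpretation: `SECRET="$rand" perl -p -i -e 's/change_me_into_something_secret/$ENV{SECRET}/' atst.ini`. `/dev/random` can block on some kernels while the entropy pool fills; `/dev/urandom` is the usual source for this. The unconditional `cp` on the first line also replaces an existing atst.ini every time script/setup runs, which discards local edits and rotates the cookie secret, so guard it with `[ -e atst.ini ] ||` and consider `chmod 600 atst.ini` after writing.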


@ -24,5 +24,8 @@ fi
# Install application dependencies
script/bootstrap
# Generate default configuration
script/config
# Symlink uswds fonts into the /static directory
ln -s ../node_modules/uswds/src/fonts ./static/fonts


@ -3,7 +3,7 @@
{% block form %}
<h2>Details of Use</h2>
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Doloremque placeat distinctio accusamus quo temporibus facilis, dicta delectus asperiores. Nihil aut quod quibusdam id fugit, officia dolorum laudantium! Quidem tempora, aliquam.</p>
<form>
<h3 id="application-details">Application Details</h3>
<p>These headings introduce, respectively, sections and subsections within your body copy. As you create these headings, follow the same guidelines that you use when writing section headings: Be succinct, descriptive, and precise.</p>
@ -143,15 +143,4 @@
<input id="" name="" type="text" placeholder="Total number of environments">
<br><br>
<button class="usa-button-secondary">Create Application</button>
<br>
<button class="usa-button-secondary" disabled>Save &amp; Continue</button>
</form>
{% end %}
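Review bot: The text input shown in the second hunk (`<input id="" name="" type="text" placeholder="Total number of environments">`) has an empty `name`, and browsers leave controls without a name out of the form submission. If that line remains on the new side, the POST handler added in this commit will never receive its value. Give each field a stable name, for example `name="num_environments"`, and a matching `id` so a `<label for=...>` can be attached.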


@ -8,19 +8,21 @@
<h1>New Request</h1>
<aside class="sidenav usa-width-one-third">
{% include 'requests/sidebar.html.to' %}
</aside>
<main class="main-content usa-width-two-thirds">
{% block form %}
<form method='POST' action='{{ reverse_url('request_form', current) }}'>
{% module xsrf_form_html() %}
{% block form %}
form goes here
{% end %}
{% block next %}
<a class='usa-button usa-button-primary' href='{{ reverse_url('request_form',next_screen) }}'>Save &amp; Continue</a>
{% end %}
{% end %}
{% block next %}
<input type='submit' class='usa-button usa-button-primary' value='Save & Continue' />
{% end %}
</form>
</main>