diff options
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 15 | ||||
-rw-r--r-- | README | 14 | ||||
-rw-r--r-- | issues/links.mkdn | 44 | ||||
-rw-r--r-- | modules/installed/lib/auth.py | 44 | ||||
-rwxr-xr-x | plinth.py | 51 | ||||
m--------- | vendor/withsqlite | 0 |
7 files changed, 122 insertions, 47 deletions
@@ -1,3 +1,4 @@ +current-*.tar.gz *.pyc *.tiny.css data/*.log @@ -5,6 +5,11 @@ CSS=$(subst .tiny,,$(shell find themes -type f -name '*.css')) COMPRESSED_CSS := $(patsubst %.css,%.tiny.css,$(CSS)) PWD=`pwd` +# hosting variables +SLEEP_TIME=300 +EXCLUDE=--exclude=*.tar.gz --exclude=*~ $(EXCLUDE-FILES) +ALL_BUT_GZ=$(subst $(wildcard *.tar.gz),,$(wildcard *)) + ## Catch-all tagets default: predepend config dirs template css docs dbs all: default @@ -82,3 +87,13 @@ clean: @$(MAKE) -s -C templates clean rm -rf $(BUILDDIR) $(DESTDIR) rm -f predepend + +hosting: + bash start.sh & + while [ 1 ]; do make current-checkout.tar.gz current-repository.tar.gz; sleep $(SLEEP_TIME); done + +current-checkout.tar.gz: $(ALL_BUT_GZ) + tar cz $(EXCLUDE) * > current-checkout.tar.gz + +current-repository.tar.gz: $(ALL_BUT_GZ) + tar cz $(EXCLUDE) * .git > current-repository.tar.gz @@ -43,5 +43,15 @@ get down into the details and configure things the average user never thinks about. For example, experts can turn off ntp or switch ntp servers. Basic users should never even know those options exist. -See comments in exmachina/exmachina.py for more details about the configuration -management process seperation scheme. +See comments in exmachina/exmachina.py for more details about the +configuration management process seperation scheme. + +## Getting Started + +See the INSTALL file for additional details. Run: + + $ make + +Once make finishes, run Plinth on the local system with: + + $ bash start.sh diff --git a/issues/links.mkdn b/issues/links.mkdn new file mode 100644 index 0000000..a39afbe --- /dev/null +++ b/issues/links.mkdn @@ -0,0 +1,44 @@ +<!-- -*- mode: markdown; mode: auto-fill; fill-column: 80 -*- --> + +# Make Links Portable # + +## Issue ## + +Currently, all the links in Plinth point to 127.0.0.1/(something), and that +sucks for serving Plinth on a local network, like most use cases imply. + +## Fixes ## + +### TODO Links work when accessed from remote clients. ### + +#### 2012.1007 #### + +Investigate the following: + + $ grep -nHr basehref ../* + + $ grep -nHr 127.0 ../* + fabfile.py:40: if env.host == "localhost" or env.host=="127.0.0.1": + fabfile.py:46: if env.host == "localhost" or env.host=="127.0.0.1": + fabfile.py:102: hidden_service_config = "HiddenServiceDir %s\nHiddenServicePort 80 127.0.0.1:%d" % (tor_dir, santiago_port) + plinth.py:119: server.socket_host = '127.0.0.1' + +Also, why is base_href blank in +[cfg.sample.py](file:~/programs/freedombox/plinth/cfg.sample.py)? + +#### 2013.0221 #### + +The actual causes of this issue are the `raise cherrypy.HTTPRedirect` lines that +change the server's name on redirect. How do we fix that? + +The server name gets redirected whenever we need to be authenticated, which is +most Plinth pages. + +## Discussion ## + +## Metadata ## + + * Metadata + :PROPERTIES: + :Status: Incomplete + :END: diff --git a/modules/installed/lib/auth.py b/modules/installed/lib/auth.py index 988f8dd..4aa5be5 100644 --- a/modules/installed/lib/auth.py +++ b/modules/installed/lib/auth.py @@ -11,6 +11,7 @@ import cherrypy import urllib, hashlib import cfg +import random cfg.session_key = '_cp_username' @@ -18,29 +19,28 @@ def check_credentials(username, passphrase): """Verifies credentials for username and passphrase. Returns None on success or a string describing the error on failure""" + start = time.clock() + + if not username or not passphrase: + error = "No username or password." + cfg.log(error) + return error + u = cfg.users[username] - if u is None: - cfg.log("Unknown user: %s" % username) - return u"Username %s is unknown to me." % username - if u['passphrase'] != hashlib.md5(passphrase).hexdigest(): - return u"Incorrect passphrase." + elif u is None: + # hash the password whether the user exists, to foil timing + # side-channel attacks + hashlib.md5(passphrase).hexdigest() + error = "Bad user-name or password." + elif u['passphrase'] != hashlib.md5(passphrase).hexdigest(): + error = "Bad user-name or password." + else: + error = None -def check_auth(*args, **kwargs): - """A tool that looks in config for 'auth.require'. If found and it - is not None, a login is required and the entry is evaluated as a - list of conditions that the user must fulfill""" - conditions = cherrypy.request.config.get('auth.require', None) - if conditions is not None: - username = cherrypy.session.get(cfg.session_key) - if username: - cherrypy.request.login = username - for condition in conditions: - # A condition is just a callable that returns true or false - if not condition(): - raise cherrypy.HTTPRedirect("/auth/login") - else: - raise cherrypy.HTTPRedirect("/auth/login") + if error: + cfg.log(error) + return error def check_auth(*args, **kwargs): """A tool that looks in config for 'auth.require'. If found and it @@ -60,8 +60,8 @@ def check_auth(*args, **kwargs): raise cherrypy.HTTPRedirect("/auth/login?from_page=%s" % get_params) else: # Send old page as from_page parameter - raise cherrypy.HTTPRedirect("/auth/login?from_page=%s" % get_params) - + raise cherrypy.HTTPRedirect("/auth/login?from_page=%s" % get_params) + cherrypy.tools.auth = cherrypy.Tool('before_handler', check_auth) def require(*conditions): @@ -114,11 +114,16 @@ def setup(): pass try: - cfg.exmachina = ExMachinaClient( - secret_key=cfg.exmachina_secret_key or None) - except socket.error: + from exmachina import ExMachinaClient + except ImportError: cfg.exmachina = None - print "couldn't connect to exmachina daemon, but continuing anyways..." + else: + try: + cfg.exmachina = ExMachinaClient( + secret_key=cfg.exmachina_secret_key or None) + except socket.error: + cfg.exmachina = None + print "couldn't connect to exmachina daemon, but continuing anyways..." os.chdir(cfg.file_root) cherrypy.config.update({'error_page.404': error_page_404}) @@ -138,25 +143,25 @@ def setup(): server.subscribe() # Configure default server - cherrypy.config.update({'server.socket_host': cfg.host, - 'server.socket_port': cfg.port, - 'server.thread_pool':10, - 'tools.staticdir.root': cfg.file_root, - 'tools.sessions.on':True, - 'tools.auth.on':True, - 'tools.sessions.storage_type':"file", - 'tools.sessions.timeout':90, - 'tools.sessions.storage_path':"%s/cherrypy_sessions" % cfg.data_dir, - - }) - - config = {'/': {'tools.staticdir.root': '%s/static' % cfg.file_root, - 'tools.proxy.on':True,}, - '/static': {'tools.staticdir.on': True, - 'tools.staticdir.dir':"."}, - '/favicon.ico':{'tools.staticfile.on':True, - 'tools.staticfile.filename': "%s/static/theme/favicon.ico" % cfg.file_root} - } + cherrypy.config.update( + {'server.socket_host': cfg.host, + 'server.socket_port': cfg.port, + 'server.thread_pool':10, + 'tools.staticdir.root': cfg.file_root, + 'tools.sessions.on':True, + 'tools.auth.on':True, + 'tools.sessions.storage_type':"file", + 'tools.sessions.timeout':90, + 'tools.sessions.storage_path':"%s/cherrypy_sessions" % cfg.data_dir,}) + + config = { + '/': {'tools.staticdir.root': '%s/static' % cfg.file_root, + 'tools.proxy.on': True,}, + '/static': {'tools.staticdir.on': True, + 'tools.staticdir.dir': "."}, + '/favicon.ico':{'tools.staticfile.on': True, + 'tools.staticfile.filename': + "%s/static/theme/favicon.ico" % cfg.file_root}} cherrypy.tree.mount(cfg.html_root, '/', config=config) cherrypy.engine.signal_handler.subscribe() diff --git a/vendor/withsqlite b/vendor/withsqlite deleted file mode 160000 -Subproject bbfdd188597bd55809ca58a46d42f1ef1afdbf6 |