Allowed the ability to provide a static SECRET_KEY for use with CSRF protection (fixes #128)

Fotis Gimian
2015-05-10 23:22:57 +10:00
parent 3f681da85d
commit 25df8c071a
4 changed files with 17 additions and 10 deletions


@@ -174,6 +174,8 @@ For information about how to generate the correct keys please refer to the
Other settings that might be interesting: Other settings that might be interesting:
* ``SECRET_KEY``: Refer to `Flask documentation`_, section sessions: How to
generate good secret keys, to set the value.
* ``PUPPETDB_TIMEOUT``: Defaults to 20 seconds but you might need to increase * ``PUPPETDB_TIMEOUT``: Defaults to 20 seconds but you might need to increase
this value. It depends on how big the results are when querying PuppetDB. this value. It depends on how big the results are when querying PuppetDB.
This behaviour will change in a future release when pagination will be This behaviour will change in a future release when pagination will be
@@ -188,6 +190,7 @@ Other settings that might be interesting:
a set of endpoints in PuppetDB. Change this to ``False`` to disable this. a set of endpoints in PuppetDB. Change this to ``False`` to disable this.
.. _pypuppetdb documentation: http://pypuppetdb.readthedocs.org/en/v0.1.0/quickstart.html#ssl .. _pypuppetdb documentation: http://pypuppetdb.readthedocs.org/en/v0.1.0/quickstart.html#ssl
.. _Flask documentation: http://flask.pocoo.org/docs/0.10/quickstart/#sessions
Puppet Enterprise Puppet Enterprise
----------------- -----------------


@@ -1,7 +1,6 @@
from __future__ import unicode_literals from __future__ import unicode_literals
from __future__ import absolute_import from __future__ import absolute_import
import os
import logging import logging
import collections import collections
try: try:
@@ -15,6 +14,7 @@ from flask import (
Response, stream_with_context, redirect, Response, stream_with_context, redirect,
request request
) )
from flask_wtf.csrf import CsrfProtect
from pypuppetdb import connect from pypuppetdb import connect
@@ -26,11 +26,13 @@ from puppetboard.utils import (
app = Flask(__name__) app = Flask(__name__)
CsrfProtect(app)
app.config.from_object('puppetboard.default_settings') app.config.from_object('puppetboard.default_settings')
graph_facts = app.config['GRAPH_FACTS'] graph_facts = app.config['GRAPH_FACTS']
app.config.from_envvar('PUPPETBOARD_SETTINGS', silent=True) app.config.from_envvar('PUPPETBOARD_SETTINGS', silent=True)
graph_facts += app.config['GRAPH_FACTS'] graph_facts += app.config['GRAPH_FACTS']
app.secret_key = os.urandom(24) app.secret_key = app.config['SECRET_KEY']
app.jinja_env.filters['jsonprint'] = jsonprint app.jinja_env.filters['jsonprint'] = jsonprint
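Review bot: The value assigned at `app.secret_key = app.config['SECRET_KEY']` is never checked, so a settings file loaded through `PUPPETBOARD_SETTINGS` can supply an empty, short or guessable string, and session cookies and CSRF tokens would then be signed with it. Because `from_envvar(..., silent=True)` ignores a missing settings file, an operator who believes a static key is in place may be running on the random default with no indication. A startup guard such as `if not app.config['SECRET_KEY']: raise RuntimeError('SECRET_KEY must be set to a non-empty value')`, plus a log line saying whether the settings file was loaded, would make both cases visible. The assignment itself looks redundant, since Flask normally reads `SECRET_KEY` from `app.config` on its own.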


@@ -1,9 +1,12 @@
import os
PUPPETDB_HOST = 'localhost' PUPPETDB_HOST = 'localhost'
PUPPETDB_PORT = 8080 PUPPETDB_PORT = 8080
PUPPETDB_SSL_VERIFY = True PUPPETDB_SSL_VERIFY = True
PUPPETDB_KEY = None PUPPETDB_KEY = None
PUPPETDB_CERT = None PUPPETDB_CERT = None
PUPPETDB_TIMEOUT = 20 PUPPETDB_TIMEOUT = 20
SECRET_KEY = os.urandom(24)
DEV_LISTEN_HOST = '127.0.0.1' DEV_LISTEN_HOST = '127.0.0.1'
DEV_LISTEN_PORT = 5000 DEV_LISTEN_PORT = 5000
DEV_COFFEE_LOCATION = 'coffee' DEV_COFFEE_LOCATION = 'coffee'
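Review bot: `SECRET_KEY = os.urandom(24)` is evaluated once per process at import, and nothing at that line says so. Under a multi-process WSGI server each worker would presumably end up with a different key, so a CSRF token or session cookie issued by one worker fails validation in another, and every restart invalidates outstanding tokens. I would add a comment above the line: `# Random per-process fallback; set a static SECRET_KEY in the PUPPETBOARD_SETTINGS file for multi-worker deployments.` The comment should also say that the settings file holding the static key needs to stay out of version control and be readable only by the service account.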


@@ -11,7 +11,7 @@
{% endif %} {% endif %}
{% endwith %} {% endwith %}
<div class="ui form"> <div class="ui form">
<form method="POST" action="{{ url_for('query')}}" <form method="POST" action="{{ url_for('query') }}">
{{ form.csrf_token }} {{ form.csrf_token }}
<div class="field {% if form.query.errors %} error {% endif %}"> <div class="field {% if form.query.errors %} error {% endif %}">
{{ form.query(autofocus="autofocus", rows=5, placeholder="Enter your query: [\"=\", \"name\", \"hostname\"]. You may omit the opening and closing bracket.") }} {{ form.query(autofocus="autofocus", rows=5, placeholder="Enter your query: [\"=\", \"name\", \"hostname\"]. You may omit the opening and closing bracket.") }}
@@ -26,7 +26,6 @@
</div> </div>
{% endfor %} {% endfor %}
</div> </div>
{{ form.hidden_tag() }}
<input type=submit class="ui submit button" value='Submit'> <input type=submit class="ui submit button" value='Submit'>
<input type=reset class="ui red submit button" value='Cancel'> <input type=reset class="ui red submit button" value='Cancel'>
</form> </form>