Create the account at the first launch of WebRunner

e9fa7941 · Alain Takoudjou · 873a5b35 · e9fa7941 · e9fa7941 · e9fa7941
Commit e9fa7941 authored Jul 11, 2012 by Alain Takoudjou
8 changed files
--- a/slapos/runner/__init__.py
+++ b/slapos/runner/__init__.py
@@ -118,15 +118,9 @@ def serve(config):
    workspace = workdir,
    instance_profile='instance.cfg',
    software_profile='software.cfg',
-    SECRET_KEY='123',
+    SECRET_KEY=os.urandom(24),
  )
  if not os.path.exists(workdir):
    os.mkdir(workdir)
-  if not os.path.exists(os.path.join(config.runner_workdir, '.users')):
-    #set default user and password
-    salt = "runner81" #to be changed
-    pwd = hashlib.md5( salt + "insecure" ).hexdigest()
-    user = "root;"+pwd+";;Slaprunner Administrator"
-    open(os.path.join(config.runner_workdir, '.users'), 'w').write(user)
  app.run(host=config.runner_host, port=int(config.runner_port),
      debug=config.debug, threaded=True)
--- a/slapos/runner/static/css/styles.css
+++ b/slapos/runner/static/css/styles.css
@@ -72,6 +72,7 @@ overflow-y: scroll;
    text-align: left;
    padding-left: 20px;
    height: 30px;
+    position:relative;
 }

 #header .run{
@@ -706,7 +707,7 @@ input[type=radio]:hover {
 #login-page{width:429px; height:236px; margin:130px auto 0px; background:url(../images/loginBox.png) no-repeat;
 padding:10px; font-size:14px; color:#03406A}
 #login-page h2{color:#fff; font-size:26px; font-weight:normal; text-indent:50px;}
-.login-content{margin:10px; margin-top:40px; margin-bottom:0; height:90px;}
+.login-content{position:relative;margin:10px; margin-top:30px; margin-bottom:0;}
 .login-button{width:140px; margin:0 auto;}
 .login-element{float:left; min-width:120px;}
 .login-label{padding:5px; font-size:16px;}

--- a/slapos/runner/static/js/jquery/jqueryToolTip.js
+++ b/slapos/runner/static/js/jquery/jqueryToolTip.js
@@ -9,25 +9,17 @@ $(function () {
    $('a[rel=tooltip], a[rel=tooltip-min], .popup').mouseover(function () {
        var height = $(this).height();
        var top = $(this).offset().top + height;
-        var left = $(this).offset().left - ($(this).width() /2);
+        var left = $(this).offset().left +($(this).width()/2)-30;
        var content = "#tooltip-" + $(this).attr('id');
        if (hideDelayTimer) clearTimeout(hideDelayTimer);
        if (beingShown || shown) {
            return;
-        } else {                  
+        } else {
            $('#jqtooltip').empty();
            var contentValue = $(content).clone(true, true);
-            /*$(contentValue).find("*").each(function(index, element) {
-              if(element.id){element.id = "jqt_" + element.id;}
-               if($(this).attr('for')){$(this).attr('for', 'jqt_' + $(this).attr('for'))}
-               //var events = $(content).get[0];
-               //for (var type in events)
-  		          // for (var handler in events[type])
-				          // jQuery.event.add(this, type, events[type][handler], events[type][handler].data);
-            });*/
            $(contentValue).appendTo('#jqtooltip');
            $('#jqtooltip ' + content).show();
-            // reset position of info box    
+            // reset position of info box
            beingShown = true;
            $('.popup').css({
                top: top,
@@ -49,7 +41,7 @@ $(function () {
                $('.popup').animate({
                    top: '-=' + distance + 'px',
                    opacity: 0
-                }, time, 'swing', function () {                    
+                }, time, 'swing', function () {
                    $('.popup').css('display', 'none');
                    shown = false;
                });

--- a/slapos/runner/static/js/scripts/account.js
+++ b/slapos/runner/static/js/scripts/account.js
@@ -14,6 +14,10 @@ $(document).ready( function() {
 			$("#error").Popup("Please enter a valid email adress!", {type:'alert', duration:3000});
 			return false;
 		}
+    if($("input#hasAccount").val() === "" && !$("input#password").val().match(/^[\w\d\._-]+$/)){
+      $("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
+      return false;
+    }
    if($("input#password").val() !== ""){
      if($("input#password").val() === "" || !$("input#password").val().match(/^[\w\d\._-]+$/)){
      	$("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
@@ -34,7 +38,7 @@ $(document).ready( function() {
 				password:((haspwd) ? $("input#password").val():"")},
 			success: function(data){
        if(data.code ==1){
-          $("#error").Popup("Your account informations has been saved!", {type:'confirm', duration:3000});
+          location.href = $SCRIPT_ROOT+"/"
        }
        else{
          $("#error").Popup(data.result, {type:'error', duration:5000});

--- a/slapos/runner/templates/account.html
+++ b/slapos/runner/templates/account.html
@@ -29,7 +29,10 @@
    <div class='clear'></div>
    <br/><br/><br/>
  </div>
-  <div id="file_info" class="file_info">leave passwords blank to preserve your current password...</div>
+  <div id="file_info" class="file_info">{% if username %}leave passwords blank to preserve your current password...{%else%}
+    Before starting, please fill your personal informations... {%endif%}
+  </div>
  <br/>
+  <input type="hidden" name="hasAccount" id="hasAccount" value="{{name}}"/>
 </form>
 {% endblock %}
--- a/slapos/runner/templates/login.html
+++ b/slapos/runner/templates/login.html
@@ -6,17 +6,26 @@
 {% block body %}
 <form method="POST" action="">
  <h2>Login to Slapos Web Runner</h2>
-  <div class="login-content">
+  <div class="login-content"><br/>
    <div class="login-element login-label"><label for="clogin">Your login&nbsp; : </label></div>
    <div class="login-element"><input type="text" class="login-input" name="clogin" id="clogin" value="Enter login..." /></div><br/><br/>
    <div class="clear"></div>
    <div class="login-element login-label"><label for="cpwd">Password : </label></div>
    <div class="login-element"><input type="password" class="idleField login-input" name="cpwd" id="cpwd" value="******" /></div>
    <div class="clear"></div>
+    <!--<br/><a href="#" id="information" rel="tooltip">do you need help?</a><br/>-->
  </div>
-  <div style="text-align:center">
+  <div style="text-align:center; margin-top:7px;">
    <input type="reset" class="button" value="reset" />
    <input type="submit" class="button" id="login" value="login" />
  </div>
 </form>
+<!--
+<div id="tooltip-information" style="display:none">
+<p style="font-size:12px;">
+If it is your first connexion, use default parameters:<br/>
+login: <strong>root</strong>, password: <strong>insecure</strong> and set your
+one<br/> parameters at <strong>home->Your Account</strong>.
+</p>
+</div>-->
 {% endblock %}
\ No newline at end of file
--- a/slapos/runner/utils.py
+++ b/slapos/runner/utils.py
@@ -56,10 +56,17 @@ def checkLogin(config, login, pwd):
  user = getSession(config)
  salt = "runner81" #to be changed
  current_pwd = hashlib.md5( salt + pwd ).hexdigest()
-  if current_pwd == user[1]:
+  if user and current_pwd == user[1] and login == user[0]:
    return user
  return False

+def checkSession(config, session, account):
+  """Return True if current user is connected with rigth data"""
+  if 'account' in session and account:
+    return (session['account'][0] == account[0] and
+              session['account'][1] == account[1])
+  return False
+
 def getSession(config):
  """
  Get the session data of current user.
@@ -99,9 +106,10 @@ def saveSession(config, session, account):
      account[1] = hashlib.md5(salt + account[1]).hexdigest()
    else:
      account[1] = session['account'][1]
-    #backup previous data
-    open(user+'.back', 'w').write(';'.join(session['account']))
-    backup = True
+    if 'account' in session:
+      #backup previous data
+      open(user+'.back', 'w').write(';'.join(session['account']))
+      backup = True
    #save new account data
    open(user, 'w').write((';'.join(account)).encode("utf-8"))
    session['account'] = account

--- a/slapos/runner/views.py
+++ b/slapos/runner/views.py
@@ -14,13 +14,18 @@ app = Flask(__name__)
 #Access Control: Only static files and login pages are allowed to guest
 @app.before_request
 def before_request():
-  if (not session.has_key('account') or not session['account']) \
-    and request.path != '/login' \
-    and request.path != '/doLogin' and not  request.path.startswith('/static'):
-    return redirect(url_for('login'))
-  if session.has_key('account') and session['account']:
-    session['title'] = getProjectTitle(app.config)
-    session['account'] = getSession(app.config)
+  if not request.path.startswith('/static'):
+    account = getSession(app.config)
+    if account:
+      if request.path != '/login' and request.path != '/doLogin' and \
+          not checkSession(app.config, session, account):
+        return redirect(url_for('login'))
+      session['title'] = getProjectTitle(app.config)
+    else:
+      session.pop('account', None)
+      session['title'] = "No account is defined"
+      if request.path != "/updateAccount" and request.path != "/myAccount":
+        return redirect(url_for('myAccount'))

 # general views
 @app.route('/')
@@ -33,12 +38,15 @@ def login():

 @app.route("/myAccount")
 def myAccount():
-  return render_template('account.html', username=session['account'][0],
+  if 'account' in session:
+    return render_template('account.html', username=session['account'][0],
      email=session['account'][2], name=session['account'][3].decode('utf-8'))
+  else:
+    return render_template('account.html')

 @app.route("/logout")
 def logout():
-  session['account'] = None
+  session.pop('account', None)
  return redirect(url_for('login'))

 @app.route('/configRepo')