User auth #3 ready #71
Conversation
First step towards a working login. The login finds the approriate user in the database. Next step would be to compare the hashed password. Then to establish a continuous connection with the user. [#3] authentification: User can login An invalid login will reload /login page. A valid login will redirect the user to the homepage. AFAIK the user will stays connected for a period of 3 days. Proper login/logout detection. Separate Login from Signup in LoginHandler Very first working register/login/logout Current user datas now accessible Client side verification. First try at client side verification. Added field for password verification Client side validation Password confirmation General use of $http Client side Hash+Salt +tool Let user Signup and Login without email +login/signup ++login/signup +++ 'name' is a reserved word in Javascript
<WIP> 3rd party auth (not yet keeping credentials) Basic Facebook Auth Basic Google+ Auth Path changes <WIP> working Twitter Auth Working Twitter Auth Working Twitter Auth + Twitter better try-except Working Facebook Auth + Facebook comment fix Working Google+ Auth + google fix
Bower - Font Awesome fix Cleaned js <script> by removing duplicate It was previously needed to write a js <script> tag twice if used both with and without the debug option. +
| @@ -107,9 +284,9 @@ def get(self): | |||
| if self._global_arg["disable_character"]: | |||
| return | |||
|
|
|||
| player_id = self.request.query[len("player_id="):] | |||
| user_id = self.request.query[len("user_id="):] | |||
There was a problem hiding this comment.
Il va falloir migrer la base de donnée avec les nouvelles clés utilisés ou reprendre les anciennes clés et les modifier plus tard pour des noms plus juste.
There was a problem hiding this comment.
DONE - ce n'est plus pertinant dans le contexte qu'on efface la base de donnée du passé.
| email = self.get_argument("email", default=None) | ||
|
|
||
| if name: | ||
| self.write("0" if (self._db.user_exists(name=name) or self._db.user_exists(email=name)) else "1") |
There was a problem hiding this comment.
pourquoi ne pas retourner un json?
There was a problem hiding this comment.
Puis mettre une boolean au lieu de "0" ou "1"?
There was a problem hiding this comment.
DONE - ça va être bon pour le moment. La requête est envoyé à chaque caractère. Ça doit être optimisé dans le future.
| @@ -14,6 +14,7 @@ | |||
| DB_DEMO_PATH = os.path.join("..", "..", "database", "demo_user.json") | |||
| DB_MANUAL_PATH = os.path.join("..", "..", "database", "tl_manual.json") | |||
| DB_LORE_PATH = os.path.join("..", "..", "database", "tl_lore.json") | |||
| DB_KEYS_PATH = os.path.join("..", "..", "database", "keys.json") | |||
There was a problem hiding this comment.
key.json n'est pas un nom significatif
There was a problem hiding this comment.
"Contains keys and secrets needed for third-party authentification."
Pourquoi pas le renommer auth.json?
| user = self._db.get_user(user_id=user_id) | ||
| else: | ||
| user = self.current_user | ||
| self.render('profile.html', user=user, **self._global_arg) |
There was a problem hiding this comment.
serait-ce mieux renommer profile.html pour user_profile.html ?
Car dans le contexte, il peut avoir d'autre profile comme celui du character.
There was a problem hiding this comment.
DONE On abandonne pour le moment ce commentaire.
|
|
||
| # Produce a missing argument error | ||
| else: | ||
| self.get_argument("username or email") |
There was a problem hiding this comment.
Est-ce que c'est ceci qu'il faut aller chercher? «username_or_email»
There was a problem hiding this comment.
De toute façon, on ne fait rien avec. On veut créer une erreur? Je ne comprend pas la raison de cette ligne.
There was a problem hiding this comment.
DONE - Via l'interface usagé web, on ne peut pas se rendre à cette étape. Seul des tests unitaires ou des requêtes http en ne passant pas via l'interface usagé pourra exécuter cette ligne. Un todo a été ajouté.
| return _user | ||
| def user_exists(self, email=None, user_id=None, name=None): | ||
| """Returns True if all the arguments given are found""" | ||
| return(not(email and not self._db_user.get(self._query_user.email == email)) and |
There was a problem hiding this comment.
première () est de trop. Inutile même pour la compréhension.
| print("Cannot update player if player is not dictionary : %s" % player_data) | ||
| def update_user(self, user_data, character_data=None, delete_user_by_id=None, delete_character_by_id=None): | ||
| if not isinstance(user_data, dict): | ||
| print("Cannot update user if user is not dictionary : %s" % user_data) | ||
| return | ||
| d = datetime.datetime.utcnow().timestamp() |
There was a problem hiding this comment.
Il faudrait renommer cette variable, d.
| self._db_user.insert(player_data) | ||
| elif player_data or character_data or delete_character_id: | ||
| # TODO validate user_data field | ||
| user_data["user_id"] = uuid.uuid4().hex |
There was a problem hiding this comment.
On génère déjà plus tôt cette valeur dans create user. On devrait au lieu appeler la fonction create user?
There was a problem hiding this comment.
Cancel, ce n'est pas une bonne idée.
| templates compile. The !important is important given that there may be | ||
| other selectors that are more specific or come later and might alter display. | ||
| */ | ||
| [ng\:cloak], [ng-cloak], .ng-cloak { |
There was a problem hiding this comment.
dupliqué dans _base.css
Toutes les pages devraient avoir accès à _base.css
There was a problem hiding this comment.
DONE
C'est enlevé. En fait, il existe déjà dans angularjs.min
| # Generate a self-signed certificate and key if we don't already have one. | ||
| cmd = 'openssl req -x509 -sha256 -newkey rsa:2048 -keyout %s -out %s -days 36500 -nodes -subj' % ( | ||
| KEY_FILE_SSL, CERT_FILE_SSL) | ||
| cmd_in = cmd.split() + ["/C=CA/ST=QC/L=Montreal/O=Traitre-lame/OU=gn.qc.ca"] |
There was a problem hiding this comment.
modifier gn.qc.ca pour l'adresse du grandeur nature actuel.
There was a problem hiding this comment.
Ignorer, va être fait dans une autre branche avec l'intégration du ssl.
| import json | ||
| from sys import stderr | ||
|
|
||
| class Keys(object): |
There was a problem hiding this comment.
Il faudrait un nom plus significatif. Une classe Keys c'est flou comme nom.
There was a problem hiding this comment.
DONE - renommé pour auth_keys.py
| print("ERROR: "+parser.db_keys_path+" isn't formatted properly. \n" | ||
| +"Details: "+str(exception), file=stderr) | ||
| except FileNotFoundError as exception: | ||
| print("WARNING: "+str(exception)+" \nA file has been created for you.") |
There was a problem hiding this comment.
Quel est l'utilité de créer ce fichier? Informer l'utilisateur qu'il doit remplir ce fichier. Habituellement, on fait un fichier template qu'on dit de copier via un README en décrivant comment faire.
There was a problem hiding this comment.
DONE - enlevé du code, le readme va être écrit bientôt.
| }).then( | ||
| function(response) { | ||
| console.log(response["data"]); | ||
| if (response["data"] == "0") { |
There was a problem hiding this comment.
Ceci est en lien avec le return "0" du serveur. À noter qu'il faudrait changer le type de retour.
There was a problem hiding this comment.
Il a une faille de sécurité, on valide juste le "0", mais pas le "1". Le serveur pourrait retourner n'importe quoi et il va croire qu'il a réussi l'authentification.
|
|
||
| ssl_options = {"certfile": CERT_FILE_SSL, "keyfile": KEY_FILE_SSL} | ||
|
|
||
| url = "http{2}://{0}:{1}".format(parse_arg.listen.address, parse_arg.listen.port, "s" if ssl_options else "") |
There was a problem hiding this comment.
L'URL est par défaut sur 127.0.0.1, ce n'est pas bon dans le cas du serveur en production.
À voir commencer changer ça de manière propre.
C'est utiliser pour les AUTH pour faire des redirections vers la bonne page. Sommes-nous obligés de mettre l'adresse?
There was a problem hiding this comment.
DONE - Mis dans un commentaire dans la tâche #3 , il faudrait pour le moment utiliser un fichier de config et spécifier l'adresse qui sera par défaut le 127.0.0.1 + port
| {% if user %} | ||
| <div>This is {{user.get("name")}}'s profile page. (ID: {{user.get("user_id")}})</div> | ||
| </br> | ||
| <div>Here the user should be able to modify certain personnal infos as well as his name, e-mail and password.</div> |
There was a problem hiding this comment.
Devrait être mis en français, le site est en français pour le moment.
| <br/> | ||
|
|
||
| <button class="btn btn-lg btn-primary btn-block" type="submit">Login</button> | ||
| <button class="btn btn-lg btn-primary btn-block" type="submit" onclick="if(username_or_email.value && loginForm.password.value){password.value=hashSha256(password.value, username_or_email.value);};">Se connecter</button> |
There was a problem hiding this comment.
This can be more secure, the hash is password with email. Easy to find password ...
There was a problem hiding this comment.
Cancel, it need to be binded with angularjs. Added comment.
| <span class="help-block" ng-show="signUpForm.pwconfirm.$error.fieldMatch && signUpForm.pwconfirm.$dirty">Le mot de passe n'est pas identique.</span> | ||
| <br/> | ||
|
|
||
| <button class="btn btn-lg btn-primary btn-block" type="submit" ng-disabled="signUpForm.$invalid || signUpForm.$pending" onclick="var tempPW=password.value; password.value=hashSha256(tempPW, username.value);pwconfirm.value=hashSha256(tempPW, email.value);">Créer un compte</button> |
There was a problem hiding this comment.
This is OK, but can be improve.
| @@ -14,6 +14,7 @@ | |||
| DB_DEMO_PATH = os.path.join("..", "..", "database", "demo_user.json") | |||
| DB_MANUAL_PATH = os.path.join("..", "..", "database", "tl_manual.json") | |||
| DB_LORE_PATH = os.path.join("..", "..", "database", "tl_lore.json") | |||
| DB_KEYS_PATH = os.path.join("..", "..", "database", "keys.json") | |||
| user = self._db.get_user(user_id=user_id) | ||
| else: | ||
| user = self.current_user | ||
| self.render('profile.html', user=user, **self._global_arg) |
There was a problem hiding this comment.
DONE On abandonne pour le moment ce commentaire.
| @@ -107,9 +284,9 @@ def get(self): | |||
| if self._global_arg["disable_character"]: | |||
| return | |||
|
|
|||
| player_id = self.request.query[len("player_id="):] | |||
| user_id = self.request.query[len("user_id="):] | |||
There was a problem hiding this comment.
DONE - ce n'est plus pertinant dans le contexte qu'on efface la base de donnée du passé.
| self._db_user.insert(player_data) | ||
| elif player_data or character_data or delete_character_id: | ||
| # TODO validate user_data field | ||
| user_data["user_id"] = uuid.uuid4().hex |
There was a problem hiding this comment.
Cancel, ce n'est pas une bonne idée.
| import json | ||
| from sys import stderr | ||
|
|
||
| class Keys(object): |
There was a problem hiding this comment.
DONE - renommé pour auth_keys.py
| print("ERROR: "+parser.db_keys_path+" isn't formatted properly. \n" | ||
| +"Details: "+str(exception), file=stderr) | ||
| except FileNotFoundError as exception: | ||
| print("WARNING: "+str(exception)+" \nA file has been created for you.") |
There was a problem hiding this comment.
DONE - enlevé du code, le readme va être écrit bientôt.
| # Generate a self-signed certificate and key if we don't already have one. | ||
| cmd = 'openssl req -x509 -sha256 -newkey rsa:2048 -keyout %s -out %s -days 36500 -nodes -subj' % ( | ||
| KEY_FILE_SSL, CERT_FILE_SSL) | ||
| cmd_in = cmd.split() + ["/C=CA/ST=QC/L=Montreal/O=Traitre-lame/OU=gn.qc.ca"] |
There was a problem hiding this comment.
Ignorer, va être fait dans une autre branche avec l'intégration du ssl.
|
|
||
| ssl_options = {"certfile": CERT_FILE_SSL, "keyfile": KEY_FILE_SSL} | ||
|
|
||
| url = "http{2}://{0}:{1}".format(parse_arg.listen.address, parse_arg.listen.port, "s" if ssl_options else "") |
There was a problem hiding this comment.
DONE - Mis dans un commentaire dans la tâche #3 , il faudrait pour le moment utiliser un fichier de config et spécifier l'adresse qui sera par défaut le 127.0.0.1 + port
|
Close Pull Request. Review done. Reported in a new Pull Request. |
No description provided.