Use password file instead of plaintext in config

Tim Van Baak 2021-02-18 16:29:11 -08:00
parent 622be944cd
commit 84b57d693d
2 changed files with 21 additions and 12 deletions


@ -17,7 +17,6 @@ gunicorn = "^20.0.4"
[tool.poetry.scripts] [tool.poetry.scripts]
redstring-check = "redstring.parser:main" redstring-check = "redstring.parser:main"
redstring-server = "redstring.server:cli" redstring-server = "redstring.server:cli"
redstring-backend = "redstring.server:wsgi"
[build-system] [build-system]
requires = ["poetry>=0.12"] requires = ["poetry>=0.12"]


@ -54,6 +54,19 @@ login_manager = LoginManager()
login_manager.login_view = 'login' login_manager.login_view = 'login'
login_manager.init_app(app) login_manager.init_app(app)
def check_password(app, password):
"""
Checks if a password is correct
"""
password_file = app.config['password_file']
with open(password_file) as f:
real_password = f.read().strip()
correct = password == real_password
del real_password
return correct
@login_manager.user_loader @login_manager.user_loader
def load_user(user_id): def load_user(user_id):
return Admin() if user_id == 'admin' else None return Admin() if user_id == 'admin' else None
@ -83,8 +96,7 @@ def document(document_id):
@app.route('/login/', methods=['GET', 'POST']) @app.route('/login/', methods=['GET', 'POST'])
def login(): def login():
form = LoginForm() form = LoginForm()
if form.validate_on_submit(): if form.validate_on_submit() and check_password(current_app, form.password.data):
if form.password.data == app.config['login']:
login_user(Admin()) login_user(Admin())
return redirect(url_for('index')) return redirect(url_for('index'))
return render_template('login.jinja', form=form) return render_template('login.jinja', form=form)
@ -189,9 +201,11 @@ def edit(document_id):
return render_template('edit.jinja', document=doc, index=False) return render_template('edit.jinja', document=doc, index=False)
def read_config(path): def read_config(app, path):
with open(path) as f: with open(path) as f:
config = json.load(f) config = json.load(f)
app.config['root'] = config['root']
app.config['password_file'] = config['password_file']
return config return config
@ -202,15 +216,11 @@ def cli():
parser.add_argument("--port", type=int, default=5000) parser.add_argument("--port", type=int, default=5000)
args = parser.parse_args() args = parser.parse_args()
config_path = args.config or os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf' config_path = args.config or os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf'
config = read_config(config_path) config = read_config(app, config_path)
app.config['root'] = config['root']
app.config['login'] = config['login']
app.run(debug=args.debug, port=args.port) app.run(debug=args.debug, port=args.port)
def wsgi(): def wsgi():
config_path = os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf' config_path = os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf'
config = read_config(config_path) config = read_config(app, config_path)
app.config['root'] = config['root']
app.config['login'] = config['login']
return app return app
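Review bot: In the new `check_password`, `correct = password == real_password` is an ordinary string comparison whose running time depends on how many leading characters match, so the login check should use a constant-time compare instead: `correct = hmac.compare_digest(password.encode(), real_password.encode())`, with `import hmac` added at the top of the file. The `del real_password` on the following line only unbinds the local name and does not clear the string from memory, so it gives no protection and could be dropped. An empty or whitespace-only password file leaves `real_password` as the empty string, which would match an empty submitted password if the form permits one, so an explicit `if not real_password: return False` before the comparison is worth adding. The file still holds the secret in plaintext; storing a hash and verifying it with `werkzeug.security.check_password_hash` would mean that read access to the file does not reveal the password.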