diff --git a/web/pgadmin/__init__.py b/web/pgadmin/__init__.py
index 21fe636..b9d1cb4 100644
--- a/web/pgadmin/__init__.py
+++ b/web/pgadmin/__init__.py
@@ -201,7 +201,7 @@ def create_app(app_name=config.APP_NAME):
     # Setup Flask-Security
     user_datastore = SQLAlchemyUserDatastore(db, User, Role)
-    security = Security(app, user_datastore)
+    security = Security(None, user_datastore)
 
     # Upgrade the schema (if required)
     with app.app_context():
@@ -225,6 +225,14 @@ def create_app(app_name=config.APP_NAME):
         config.SECRET_KEY = Keys.query.filter_by(name = 'SECRET_KEY').first().value
         config.SECURITY_PASSWORD_SALT = Keys.query.filter_by(name = 'SECURITY_PASSWORD_SALT').first().value
 
+    # Update the app.config with proper security keyes for signing CSRF data,
+    # signing cookies, and the SALT for hashing the passwords.
+    app.config.update(dict(CSRF_SESSION_KEY=config.CSRF_SESSION_KEY))
+    app.config.update(dict(SECRET_KEY=config.SECRET_KEY))
+    app.config.update(dict(SECURITY_PASSWORD_SALT=config.SECURITY_PASSWORD_SALT))
+
+    security.init_app(app)
+
     app.session_interface = create_session_interface(app)
 
     ##########################################################################
diff --git a/web/setup.py b/web/setup.py
index 90697fa..eaa3235 100755
--- a/web/setup.py
+++ b/web/setup.py
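Review bot: `security = Security(None, user_datastore)` now defers binding Flask-Security to the app, but nothing at this line says why, and the matching `security.init_app(app)` only appears some twenty lines later in the next hunk, so a reader may take the `None` for a mistake. Suggest a comment above it: `# Bound to the app later via security.init_app(), once SECRET_KEY and SECURITY_PASSWORD_SALT have been loaded from the keys table`. create_app's body continues outside this hunk.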
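Review bot: The new `app.config.update` lines copy whatever the Keys rows held into the Flask config and `security.init_app(app)` then builds on that, so an empty stored value would configure an empty SECRET_KEY or password salt without any error (a missing row already fails earlier at `.first().value`, which is pre-existing). Add a guard before `security.init_app(app)`, e.g. `if not (config.CSRF_SESSION_KEY and config.SECRET_KEY and config.SECURITY_PASSWORD_SALT): raise RuntimeError('security keys missing from the configuration database')`. The three single-key updates can also be one call, `app.config.update(CSRF_SESSION_KEY=config.CSRF_SESSION_KEY, SECRET_KEY=config.SECRET_KEY, SECURITY_PASSWORD_SALT=config.SECURITY_PASSWORD_SALT)`, and the comment's `keyes` should read `keys`. create_app continues beyond this hunk.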
@@ -42,15 +42,6 @@ if hasattr(__builtins__, 'raw_input'):
 def do_setup(app):
     """Create a new settings database from scratch"""
 
-    # Get some defaults for the various keys
-    with app.app_context():
-        config.CSRF_SESSION_KEY = base64.urlsafe_b64encode(os.urandom(32))
-        app.jinja_env.globals['config']['CSRF_SESSION_KEY'] = config.CSRF_SESSION_KEY
-        config.SECRET_KEY = base64.urlsafe_b64encode(os.urandom(32))
-        app.jinja_env.globals['config']['SECRET_KEY'] = config.SECRET_KEY
-        config.SECURITY_PASSWORD_SALT = base64.urlsafe_b64encode(os.urandom(32))
-        app.jinja_env.globals['config']['SECURITY_PASSWORD_SALT'] = config.SECURITY_PASSWORD_SALT
-
     if config.SERVER_MODE is False:
         print("NOTE: Configuring authentication for DESKTOP mode.")
         email = config.DESKTOP_USER
@@ -150,7 +141,7 @@ def do_setup(app):
     )
 
 
-def do_upgrade(app, datastore, security, version):
+def do_upgrade(app, datastore, version):
     """Upgrade an existing settings database"""
     #######################################################################
     # Run whatever is required to update the database schema to the current
@@ -386,6 +377,12 @@ CREATE TABLE keys (
 ###############################################################################
 if __name__ == '__main__':
     app = Flask(__name__)
+
+    # Get some defaults for the various keys
+    config.CSRF_SESSION_KEY = base64.urlsafe_b64encode(os.urandom(32))
+    config.SECRET_KEY = base64.urlsafe_b64encode(os.urandom(32))
+    config.SECURITY_PASSWORD_SALT = base64.urlsafe_b64encode(os.urandom(32))
+
     app.config.from_object(config)
 
     if config.TESTING_MODE:
@@ -411,7 +408,6 @@ Entering upgrade mode...""" % config.SQLITE_PATH)
 
         # Setup Flask-Security
         user_datastore = SQLAlchemyUserDatastore(db, User, Role)
-        security = Security(app, user_datastore)
 
         # Always use "< REQUIRED_VERSION" as the test for readability
         with app.app_context():
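Review bot: Dropping `security` from `do_upgrade(app, datastore, version)` changes the arity for every caller; the call in this file's upgrade path is updated in the final hunk, but if `create_app` in web/pgadmin/__init__.py also calls `do_upgrade` for its schema pre-flight (the first file in this diff shows no such change), that call would now raise TypeError. The body continues past this hunk, so confirm it no longer references `security`. The docstring could also name what remains, e.g. `"""Upgrade an existing settings database; `version` is the stored schema-version record compared via version.value."""`.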
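Review bot: `# Get some defaults for the various keys` undersells these three lines: they generate fresh, per-run secrets (CSRF key, cookie-signing key, password salt) that `app.config.from_object(config)` copies into the app on the next line; suggest `# Generate fresh per-installation secrets (CSRF key, cookie-signing key, password salt) before building the app config`. The file keeps a `raw_input` compatibility check, so both Python 2 and 3 are in scope, and on Python 3 `base64.urlsafe_b64encode` returns bytes; since create_app later feeds the stored value straight into `app.config`, confirm the keys table round-trips that type unchanged. In upgrade mode these values are generated although the existing database presumably already holds the real keys, which is harmless only as long as setup.py never serves requests and deserves a one-line comment saying so.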
@@ -433,7 +429,7 @@ Exiting...""" % (version.value))
             print("NOTE: Upgrading database schema from version %d to %d." % (
                 version.value, config.SETTINGS_SCHEMA_VERSION
             ))
-            do_upgrade(app, user_datastore, security, version)
+            do_upgrade(app, user_datastore, version)
     else:
         directory = os.path.dirname(config.SQLITE_PATH)
         if not os.path.exists(directory):