commit
47565b3831
3 changed files with 11 additions and 7 deletions
|
@ -68,7 +68,7 @@ Configuration
|
||||||
|
|
||||||
You can configure the following via environment variables.
|
You can configure the following via environment variables.
|
||||||
|
|
||||||
`SECRET_KEY` this should be a unique key that's used to sign key. This should
|
`SECRET_KEY` unique key that's used to sign key. This should
|
||||||
be kept secret. See the `Flask Documentation`__ for more information.
|
be kept secret. See the `Flask Documentation`__ for more information.
|
||||||
|
|
||||||
.. __: http://flask.pocoo.org/docs/quickstart/#sessions
|
.. __: http://flask.pocoo.org/docs/quickstart/#sessions
|
||||||
|
@ -88,7 +88,9 @@ need to change this.
|
||||||
|
|
||||||
`SNAPPASS_REDIS_DB` is the database that you want to use on this redis server. Defaults to db 0
|
`SNAPPASS_REDIS_DB` is the database that you want to use on this redis server. Defaults to db 0
|
||||||
|
|
||||||
`REDIS_URL` is optional and, if set, will be used instead of `REDIS_HOST`, `REDIS_PORT`, and `SNAPPASS_REDIS_DB` to configure the Redis client object. For example: redis://username:password@localhost:6379/0
|
`REDIS_URL` (optional) will be used instead of `REDIS_HOST`, `REDIS_PORT`, and `SNAPPASS_REDIS_DB` to configure the Redis client object. For example: redis://username:password@localhost:6379/0
|
||||||
|
|
||||||
|
`REDIS_PREFIX` (optional, defaults to `"snappass"`) prefix used on redis keys to prevent collisions with other potential clients
|
||||||
|
|
||||||
Docker
|
Docker
|
||||||
------
|
------
|
||||||
|
|
|
@ -13,13 +13,13 @@ from werkzeug.urls import url_unquote_plus
|
||||||
|
|
||||||
|
|
||||||
SNEAKY_USER_AGENTS = ('Slackbot', 'facebookexternalhit', 'Twitterbot',
|
SNEAKY_USER_AGENTS = ('Slackbot', 'facebookexternalhit', 'Twitterbot',
|
||||||
'Facebot', 'WhatsApp', 'SkypeUriPreview',
|
'Facebot', 'WhatsApp', 'SkypeUriPreview', 'Iframely')
|
||||||
'Iframely')
|
|
||||||
SNEAKY_USER_AGENTS_RE = re.compile('|'.join(SNEAKY_USER_AGENTS))
|
SNEAKY_USER_AGENTS_RE = re.compile('|'.join(SNEAKY_USER_AGENTS))
|
||||||
NO_SSL = os.environ.get('NO_SSL', False)
|
NO_SSL = os.environ.get('NO_SSL', False)
|
||||||
TOKEN_SEPARATOR = '~'
|
TOKEN_SEPARATOR = '~'
|
||||||
|
|
||||||
|
|
||||||
|
# Initialize Flask Application
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
if os.environ.get('DEBUG'):
|
if os.environ.get('DEBUG'):
|
||||||
app.debug = True
|
app.debug = True
|
||||||
|
@ -27,6 +27,7 @@ app.secret_key = os.environ.get('SECRET_KEY', 'Secret Key')
|
||||||
app.config.update(
|
app.config.update(
|
||||||
dict(STATIC_URL=os.environ.get('STATIC_URL', 'static')))
|
dict(STATIC_URL=os.environ.get('STATIC_URL', 'static')))
|
||||||
|
|
||||||
|
# Initialize Redis
|
||||||
if os.environ.get('MOCK_REDIS'):
|
if os.environ.get('MOCK_REDIS'):
|
||||||
from mockredis import mock_strict_redis_client
|
from mockredis import mock_strict_redis_client
|
||||||
redis_client = mock_strict_redis_client()
|
redis_client = mock_strict_redis_client()
|
||||||
|
@ -38,6 +39,7 @@ else:
|
||||||
redis_db = os.environ.get('SNAPPASS_REDIS_DB', 0)
|
redis_db = os.environ.get('SNAPPASS_REDIS_DB', 0)
|
||||||
redis_client = redis.StrictRedis(
|
redis_client = redis.StrictRedis(
|
||||||
host=redis_host, port=redis_port, db=redis_db)
|
host=redis_host, port=redis_port, db=redis_db)
|
||||||
|
REDIS_PREFIX = os.environ.get('REDIS_PREFIX', 'snappass')
|
||||||
|
|
||||||
TIME_CONVERSION = {'week': 604800, 'day': 86400, 'hour': 3600}
|
TIME_CONVERSION = {'week': 604800, 'day': 86400, 'hour': 3600}
|
||||||
|
|
||||||
|
@ -97,7 +99,7 @@ def set_password(password, ttl):
|
||||||
Returns a token comprised of the key where the encrypted password
|
Returns a token comprised of the key where the encrypted password
|
||||||
is stored, and the decryption key.
|
is stored, and the decryption key.
|
||||||
"""
|
"""
|
||||||
storage_key = uuid.uuid4().hex
|
storage_key = REDIS_PREFIX + uuid.uuid4().hex
|
||||||
encrypted_password, encryption_key = encrypt(password)
|
encrypted_password, encryption_key = encrypt(password)
|
||||||
redis_client.setex(storage_key, ttl, encrypted_password)
|
redis_client.setex(storage_key, ttl, encrypted_password)
|
||||||
encryption_key = encryption_key.decode('utf-8')
|
encryption_key = encryption_key.decode('utf-8')
|
||||||
|
|
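Review bot: The new `storage_key = REDIS_PREFIX + uuid.uuid4().hex` puts an operator-supplied string into the token without validating it, and the prefix is applied only on the write path shown here. The token is split on `TOKEN_SEPARATOR` (`'~'`), so a `REDIS_PREFIX` containing that character would produce tokens that no longer split into two fragments; a startup check such as `if TOKEN_SEPARATOR in REDIS_PREFIX: raise ValueError('REDIS_PREFIX must not contain TOKEN_SEPARATOR')` would fail early instead. The read path is outside this hunk, but if it uses the key from the token as-is, a request can still name any key in the Redis database, so the prefix gives no isolation from other clients' keys unless the lookup also rejects keys that do not start with `REDIS_PREFIX`. The body of set_password continues outside the hunk.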
4
tests.py
4
tests.py
|
@ -37,7 +37,7 @@ class SnapPassTestCase(TestCase):
|
||||||
token_fragments = token.split(snappass.TOKEN_SEPARATOR)
|
token_fragments = token.split(snappass.TOKEN_SEPARATOR)
|
||||||
self.assertEqual(2, len(token_fragments))
|
self.assertEqual(2, len(token_fragments))
|
||||||
redis_key, encryption_key = token_fragments
|
redis_key, encryption_key = token_fragments
|
||||||
self.assertEqual(32, len(redis_key))
|
self.assertEqual(32 + len(snappass.REDIS_PREFIX), len(redis_key))
|
||||||
try:
|
try:
|
||||||
Fernet(encryption_key.encode('utf-8'))
|
Fernet(encryption_key.encode('utf-8'))
|
||||||
except ValueError:
|
except ValueError:
|
||||||
|
@ -130,7 +130,7 @@ class SnapPassRoutesTestCase(TestCase):
|
||||||
]
|
]
|
||||||
|
|
||||||
for ua in a_few_sneaky_bots:
|
for ua in a_few_sneaky_bots:
|
||||||
rv = self.app.get('/{0}'.format(key), headers={ 'User-Agent': ua })
|
rv = self.app.get('/{0}'.format(key), headers={'User-Agent': ua})
|
||||||
self.assertEqual(404, rv.status_code)
|
self.assertEqual(404, rv.status_code)
|
||||||
|
|
||||||
|
|
||||||
|
|
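Review bot: The updated assertion `self.assertEqual(32 + len(snappass.REDIS_PREFIX), len(redis_key))` checks only the length, so it would still pass if the prefix were appended instead of prepended, or if a different string of the same length were used. Adding `self.assertTrue(redis_key.startswith(snappass.REDIS_PREFIX))` next to it pins the behaviour this commit introduces. The test method starts and ends outside the hunk.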