Mercurial > p > roundup > code
comparison roundup/cgi/templating.py @ 8412:0663a7bcef6c reauth-confirm_id
feat: finish reauth docs, enhance code.
Decided to keep name Reauth for now.
admin_guide.txt:
add reference mark to roundup admin help. Used for template command
reference in upgrading.txt.
customizing.txt:
added worked example of adding a reauth auditor for address and password.
Also links to OWASP recommendations.
Added link to example code in design.doc on detectors.
glossary.txt:
reference using roundup-admin template command in def for tracker
templates.
pydoc.txt:
Added methods for Client class.
Added class and methods for (cgi) Action, LoginAction and ReauthAction.
reference.txt
Edited and restructured detector section.
Added section on registering a detector and priority use/execution order.
(reference to design doc was used before).
Added/enhanced description of exception an auditor can
raise (includes Reauth).
Added section on Reauth implementation and use (Confirming the User).
Also has paragraph on future ideas.
upgrading.txt
Stripped down the original section. Moved a lot to reference.txt.
Referenced customizing example, mention installation of
_generic.reauth.html and reference reference.txt.
cgi/actions.py:
fixed bad ReST that was breaking pydoc.txt processing
changed doc on limitations of Reauth code.
added docstring for Reauth::verifyPassword
cgi/client.py:
fix ReST for a method breaking pydoc.py processing
cgi/templating.py:
fix docstring on embed_form_fields
templates/*/html/_generic.reauth.html
disable spelling for password field
add timing info to the javascript function that processes file data.
reformat javascript IIFE
templates/jinja2/html/_generic.reauth.html
create a valid jinja2 template. Looks like my original jinja
template got overwritten and committed.
feature parity with the other reauth templates.
test/test_liveserver.py
add test case for Reauth workflow.
Makefile
add doc.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 13 Aug 2025 23:52:49 -0400 |
| parents | ef1ea918b07a |
| children | 370689471a08 fed0f839c260 |
comparison
equal
deleted
inserted
replaced
| 8411:ef1ea918b07a | 8412:0663a7bcef6c |
|---|---|
| 3616 return html_escape(html) | 3616 return html_escape(html) |
| 3617 | 3617 |
| 3618 def embed_form_fields(self, excluded_fields=None): | 3618 def embed_form_fields(self, excluded_fields=None): |
| 3619 """Used to create a hidden input field for each client.form element | 3619 """Used to create a hidden input field for each client.form element |
| 3620 | 3620 |
| 3621 :param: excluded_fields string or something with | 3621 :param excluded_fields: |
| 3622 __contains__ dunder method (tuple, list, set...). | 3622 these fields will not have a hidden field created for them. |
| 3623 | 3623 Value can be a string or multiple strings contained in |
| 3624 Limitations: It ignores file input fields. | 3624 something with a __contains__ dunder method: |
| 3625 tuple, list, set.... | |
| 3626 | |
| 3627 File input fields are represented by a <pre> tag with | |
| 3628 base64 encoded contents and attributes to store the | |
| 3629 filename and mimetype. It requires JavaScript on the | |
| 3630 browser to turn these <pre> tags back into files that can | |
| 3631 be submitted with the form. | |
| 3632 | |
| 3625 """ | 3633 """ |
| 3626 if excluded_fields is None: | 3634 if excluded_fields is None: |
| 3627 excluded_fields = () | 3635 excluded_fields = () |
| 3628 elif isinstance(excluded_fields, str): | 3636 elif isinstance(excluded_fields, str): |
| 3629 excluded_fields = (excluded_fields,) | 3637 excluded_fields = (excluded_fields,) |