hack4impact / flask-base

A simple Flask boilerplate app with SQLAlchemy, Redis, User Authentication, and more.

Home Page: http://hack4impact.github.io/flask-base

License: MIT License

Python 44.78% JavaScript 8.65% CSS 4.75% HTML 40.37% Dockerfile 0.75% SCSS 0.54% Shell 0.10% Procfile 0.06%
authentication boilerplate database flask python3 redis sqlalchemy user-management

flask-base's Issues

Refactor menu code

  • Should fix macros for menus so they're more modular
  • Backport some new work done for journalup's front-end

Python 2 support

It looks like the only thing keeping this project from being able to run python2 currently is import urllib.parse in config.py. This can be easily handled with an if/else clause. Is there anything else?

Using flask-base as a base for a new project?

What's the recommended way to use flask-base as the base for a new project? It seems if you use git clone then copy paste the files into your new project, you will lose track of updates and fixes.

Would git submodule add -b master https://github.com/hack4impact/flask-base be the preferred method?

Security enhancements

  • Double-check that CSRF protection is working properly
  • Other features from flask-security package that might be missing

Define login/logout/change password/reset password views

We should explicitly define these views. For example, in JournalUp, we have these functions:

@main.route('/login', methods=['GET', 'POST'])
def login():
    if current_user.is_authenticated():
        return redirect(index_url_for_blueprint(current_user))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter(func.lower(User.email) == func.lower(form.email.data)).first()
        if user is not None and user.verify_password(form.password.data):
            login_user(user, form.remember_me.data)
            # if user.is_role("admin"):
            #     return redirect(url_for('admin.index'))
            # elif user.is_role("student"):
            #     return redirect(url_for('students.index'))
            # else:
            #     return redirect(url_for('mentors.index'))
            return redirect(index_url_for_blueprint(user))
        flash('Invalid username or password.')
    return render_template('main/login.html', form=form)

@main.route('/logout')
@login_required
def logout():
    logout_user()
    flash('You have been logged out.')
    return redirect(url_for('.index'))

@main.route('/change-password', methods=['GET', 'POST'])
@login_required
def change_password():
    form = ChangePasswordForm()
    if form.validate_on_submit():
        user = current_user
        if user.verify_password(form.current_password.data):
            user.set_password(form.new_password.data)
            flash('Your password was successfully changed.')
            return redirect(index_url_for_blueprint(current_user))
        form.current_password.errors.append('Invalid password.')
    return render_template('main/change_password.html', form=form)

@main.route('/forgot-password', methods=['GET', 'POST'])
def forgot_password():
    if current_user.is_authenticated():
        flash('You are already logged in.')
        return redirect(index_url_for_blueprint(current_user))
    form = ForgotPasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user:
            send_reset_email(user=user)
            flash('The password reset email was sent.')
            return redirect(url_for('.index'))
        form.email.errors.append('Your email is invalid.')
    return render_template('main/forget_password.html', form=form)

@main.route('/reset/<token>', methods=['GET', 'POST'])
def reset_password_with_token(token):
    if current_user.is_authenticated():
        flash('You are already logged in.')
        return redirect(index_url_for_blueprint(current_user))
    user = User.query.filter_by(reset_token=token).first()
    if user is None:
        return abort(404)
    form = ResetPasswordForm()
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        flash('Your password was successfully changed.')
        login_user(user)
        user.reset_token = None
        return redirect(index_url_for_blueprint(current_user))
    return render_template('main/reset_password.html', form=form)
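
The reset view above looks a user up by `reset_token` and clears it after use; how the token is created is not shown. The following is an added example (not code from JournalUp or flask-base) of one way to issue and redeem such a token with only the standard library, storing a SHA-256 digest instead of the raw value and enforcing expiry and single use. The `User` stand-in, the field names `reset_token_hash` and `reset_expires_at`, the function names and the one-hour lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 3600  # assumed lifetime of a reset link


class User:
    """Stand-in for the SQLAlchemy model; only the reset fields matter here."""

    def __init__(self, email):
        self.email = email
        self.reset_token_hash = None  # digest only, never the raw token
        self.reset_expires_at = 0.0


def _digest(token):
    # A database leak then exposes digests, not usable reset links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(user, now=None):
    """Create the token that goes into the e-mail link; store only its digest."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    user.reset_token_hash = _digest(token)
    user.reset_expires_at = now + RESET_TTL_SECONDS
    return token


def redeem_reset_token(users, token, now=None):
    """Return the matching user and burn the token, or None if invalid."""
    now = time.time() if now is None else now
    wanted = _digest(token)
    for user in users:  # a real app would query by an indexed digest column
        stored = user.reset_token_hash
        if stored is None or not hmac.compare_digest(stored, wanted):
            continue
        user.reset_token_hash = None  # single use, also when already expired
        if now > user.reset_expires_at:
            return None
        return user
    return None
```

Call `redeem_reset_token` at the point where the view sets the new password, and commit the session afterwards so the cleared digest is persisted.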

Allowed to log in even before confirming email

Steps to reproduce:

  1. Make an account
  2. Don't confirm email
  3. Log in with account

Expected
4. See message that asks to reconfirm email and you are blocked from doing other user things

Actual
4. See message that asks to reconfirm email and you can do other user things

Make sure all db.sessions are committed

After a db.session.add the session must also be committed. This has led to strange bugs in cac where locally everything works but sessions that aren't committed in production don't work.

Add more in-code commenting

For people new to flask who are working on projects forked from flask-base, it would be nice to have more explanations of how and why we do things. This is a decently complex flask app and would probably confuse a lot of people.

should we require flake8?

Install flake8

might need sudo when installing globally

$ sudo pip install flake8

Set Up flake8 Hooks

add the hook to check style on ‘git commit’ (run in root of project)

$ flake8 --install-hook

setting the strict config means it will block the commit if there are errors

$ git config flake8.strict true

jquery not defined

Hi everyone,

I haven't done Flask web deployments before and I started using this code base with limited Flask knowledge. After working with the code base to get it to the point where I want to deploy it for cloud testing, I found that the JavaScript functions were not working for the about page and the top right slider for the mobile view:

console_error

The only changes/differences between my local copy and the online deployment are that the online deployment has a different port number and is connected via upstream from a nginx web server. I enabled gzip javascript for nginx with these lines:

http {
...

    gzip on;
    gzip_disable "msie6";
    gzip_types application/x-javascript;

...
}

If you need any additional information feel free to email me.

Move Mailing to Sendgrid

Title says it all. Consistently plagued by gmail's security filters preventing us from sending emails.

Add auto-formatting to flask-base

From working on Go and working at Google (where most code is auto-formatted) I've noticed that there are immense benefits to auto-formatting code.

  1. Code style and conformation to standards, like pep8, are ensured.
  2. Writing code is faster.
  3. Less cognitive load, it's one less thing to worry about.
  4. No arguments about style.
  5. If all of our python code is formatted the same, getting up to speed with code you didn't write will take less effort.
  6. Diffs show actual code, not 'diff noise' where someone adds a space or changes formatting.

Add password requirements

@aharelick said "Agree with max and the suggestions from owasp say we should make the minimum 8 characters. They also say that the recommendations may be out of date, but I think it's a good place to start. Also, we should probably add the validator to RegistrationForm and ResetPasswordForm and ChangePasswordForm."

RQ multiple workers with variable lifetimes.

I want to set up plenty of tasks to be delegated to workers on a queue, or possibly multiple queues. Each of these workers will need to have longer than the default 180 seconds.

I tried looking around online to see how to set this up with flask without much luck, so I was wondering if someone here could explain to me how?

Right now I have the default 1 worker with 180 seconds lifespan before it gets terminated.

Give flask-base a real task queue

Right now, async code (e.g. send_email) is implemented with threads. We should have a worker process always running which completes tasks from the task queue instead. One problem with the current approach is that clients of the send_email function do not know that it is asynchronous unless they read the implementation. I would much prefer something like this (with rq):

result = task_queue.enqueue(send_email, <args>)

Port to Flask 0.12

Not only is this getting closer to the fabled flask 1.0, but you could drop the Flask-Script dependency, for example.

account.register gets wrong url_for server address

After deploying the code base to an EC2 instance I have an email generation problem where the confirm_link = url_for('account.confirm', token=token, _external=True) is creating a url of:

127.0.0.1:8000/account/confirm-account/

I tried setting the app.config['SERVER_NAME'] to the name of my server as seen here:

http://stackoverflow.com/questions/12162634/where-do-i-define-the-domain-to-be-used-by-url-for-in-flask

However, that didn't work. I did manage to get it to work though by turning off the _external=True flag and manually setting the name of the server as a variable. Just wondering if there was a better way to go about this (maybe defining the server name in Local?) or if I'm missing something to how this whole flask stack works.

RQ task on startup

I'm testing to see how to get a RQ task to run on server startup similar to the email task. I assume that I'm supposed to have the task enqueued inside the context of the application. I tried running it inside the app/__init__.py python file but I got an exception:

raise RuntimeError('working outside of application context')
RuntimeError: working outside of application context

Where should I put the code for running the task?

Semantic-ui width always fits width of screen

I'm new to semantic-ui and when I try to build a table of information from the database it works but the width of the table is always the width of the browser. I tried various settings such as setting the 'width' variable or setting class as "ui celled striped table ten wide". Even placing it in a container and doing the same had no effect. What can I do to customize the width of a table/container in a view?

Requirement installation error. Error: pg_config executable not found

  Using cached psycopg2-2.6.1.tar.gz
    Complete output from command python setup.py egg_info:
    running egg_info
    creating pip-egg-info/psycopg2.egg-info
    writing pip-egg-info/psycopg2.egg-info/PKG-INFO
    writing top-level names to pip-egg-info/psycopg2.egg-info/top_level.txt
    writing dependency_links to pip-egg-info/psycopg2.egg-info/dependency_links.txt
    writing manifest file 'pip-egg-info/psycopg2.egg-info/SOURCES.txt'
    Error: pg_config executable not found.

    Please add the directory containing pg_config to the PATH
    or specify the full executable path with the option:

        python setup.py build_ext --pg-config /path/to/pg_config build ...

    or with the pg_config option in 'setup.cfg'.

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-U3FPuB/psycopg2/

Environment:
(flask_base) adop@adop:~/flask-base$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial

(flask_base) adop@adop:~/flask-base$ python --version
Python 2.7.12
