error 404 on web.py subapps. How to handle urls? - web.py

last time I wrote the answer was fast and efficient, so here I go again.
I got these 3 files, 2 .py and an html. The thing is that for some reason I get an error 404. It's clearly my url handing the issue. Here is my code
# encoding: utf-8
import web
import os
import gettext
import signup
import verify_email
urls = (
"/", 'Index',
"/sign-up", signup.app_signup,
"/verify_email", verify_email.app_verify_email
)
# Internacionalización:
current_directory = os.path.abspath(os.path.dirname(__file__))
locales_directory = current_directory + '/i18n'
gettext.install('messages', locales_directory, unicode = True)
gettext.translation('messages', locales_directory, languages = ['es']).install(True)
web.config.debug = False
app = web.application(urls, locals())
session = web.session.Session(app, web.session.DiskStore('sessions'))
db = web.database(dbn='postgres', user='zoosalud', pw='pbF8zCxd4gZUmhRxd8AsjfhN', db='zoosalud')
def session_hook():
web.ctx.session = session
web.ctx.db = db
web.ctx.render = render
app.add_processor(web.loadhook(session_hook))
render = web.template.render('views/', globals = {'session': session, 'db': db, '_': _})
class Index:
def GET(self):
user_input = web.input()
user_input.names = ''
user_input.surnames = ''
user_input.nin = ''
user_input.address = ''
user_input.municipality = 0
user_input.phone = ''
user_input.email = ''
session.user_input = user_input
session.errors = []
return render.access()
if __name__ == "__main__":
app.run()
here is my sub app
# encoding: utf-8
import bcrypt
import email_setup
import uuid
import web
urls = (
"/", "SignUp"
)
class SignUp:
def POST(self):
user_input = web.input()
web.ctx.session.errors = []
user = web.ctx.db.select('role', where="email='" + user_input.email + "'")
if user:
web.ctx.session.errors.append('email_taken')
user = web.ctx.db.select('role', where="nin='" + user_input.nin + "'")
if user:
web.ctx.session.errors.append('nin_taken')
if user_input.password != user_input.confirm_password:
web.ctx.session.errors.append('passwords_not_match')
if user_input.municipality == '0':
web.ctx.session.errors.append('unselected_municipality')
if web.ctx.session.errors:
web.ctx.session.user_input = user_input
return web.ctx.render.access()
app_signup = web.application(urls, locals())
and my html
<form method=post action="sign-up">
<ul>
<li><input name=names required maxlength=24 placeholder=$_('name') value="$session.user_input.names"></li>
<li><input name=surnames required maxlength=24 placeholder=$_('surname') value="$session.user_input.surnames"></li>
<li><input name=nin requiered maxlength=12 placeholder=$_('nin') value="$session.user_input.nin"></li>
<li><input name=address required maxlenght=64 placeholder=$_('address') value="$session.user_input.address"></li>
<li><select id=municipality name=municipality>
<option value=0>$_('municipality'):</option>
$for municipality in municipalities:
<option value=$municipality.id>$municipality.name</option>
</select></li>
<li><input name=phone required maxlength=10 placeholder=$_('phone') value=$session.user_input.phone></li>
<li><input name=email type=email required maxlenght=254 placeholder=$_('email') value=$session.user_input.email></li>
<li><input name=password type=password required placeholder=$_('password')></li>
<li><input name=confirm_password type=password required placeholder=$_('confirm_password')></li>
<li><input type=submit value="$_('sign_up')"></li>
</ul>
The problem as I mention is the error404 when I map to "/" in the subapp, which is weird because when I map to "" it does work, but now I need to map it so I can get the path with GET, and this solution does not work in the long term.
Thanks in advance guys.

You may change subapp mapping to "/?", "SignUp" so it should work with and without trailing slash.

Related

how to store bcrypt hashpw result in db correctly?

I am in the process of creating a login system.
I use python flask and as database the Prostgresql.
I think I just store the hash value wrong.
I have saved it as vachar 255 so far
My code:
from flask import Flask, render_template, redirect, request, url_for, session
from flask_sqlalchemy import SQLAlchemy
import bcrypt
import psycopg2
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'postgresql://postgres:PostGreSQL_13#localhost/test'
sql = SQLAlchemy(app)
#app.route('/')
def home():
return render_template("home.html")
#app.route('/register', methods=["GET","POST"])
def register():
if request.method == "GET":
return render_template("register.html")
else:
name = request.form['name']
email = request.form['email']
password = request.form['password'].encode('utf-8')
hash_password = bcrypt.hashpw(password, bcrypt.gensalt())
t_host = 'localhost'
t_port = "5432"
t_dbname = "test"
t_user = "postgres"
t_pw = "password"
db_conn = psycopg2.connect(host=t_host, port=t_port, dbname=t_dbname, user=t_user, password=t_pw)
db_cursor = db_conn.cursor()
db_cursor.execute("INSERT INTO users (UserName,UserEmail,UserPassword) VALUES (%s,%s,%s)",(name,email,hash_password,))
db_conn.commit()
session['name'] = name
session['email'] = email
return redirect(url_for("home"))
#app.route('/login', methods=["GET","POST"])
def login():
if request.method == "POST":
email = request.form['email']
password = request.form['password'].encode('utf-8')
t_host = 'localhost'
t_port = "5432"
t_dbname = "test"
t_user = "postgres"
t_pw = "password"
db_conn = psycopg2.connect(host=t_host, port=t_port, dbname=t_dbname, user=t_user, password=t_pw)
db_cursor = db_conn.cursor()
db_cursor.execute("SELECT username, useremail, userpassword FROM users WHERE useremail=%s",(email,))
user = db_cursor.fetchone()
db_conn.close()
if len(user) > 0:
name = user[0]
if bcrypt.hashpw(password, user[2].encode('utf-8')) == user[2].encode('utf-8'):
session['name'] = user[0]
session['email'] = user[1]
return render_template("home.html")
else:
return "Versuch es doch Nochmal"
else:
return render_template("login.html")
#app.route('/logout')
def logout():
session.clear()
return render_template("home.html")
if __name__ == '__main__':
app.secret_key = '012#!ApaAjaBoleh)(*^%'
app.run(debug=True)
the procedure I got from the Youtube video. see attachment.
I need a login system and this was recommended to me, it works pretty good.
The last one has to work somehow and if it works I would be very happy.
Can anyone tell me what I'm doing wrong or if my appendix with the database is right or wrong?
I know nothing about this language you're using, but any bcrypt implementation will output a string similar to:
$2a$12$ieXy2Rj/TEGqVRx0JihGFesujNFCdmlQWpUaTNvwQ0XuB3lzOcTWK
Yes, you should store that varchar string in your database.

Generate an Odoo downloadable CSV report

I need to provide a button in Sale Order Form View to export order lines to CSV with a specific format. I have searched a lot but I only have found custom modules that don't satisfy the solution because users shouldn't have to select fields.
UPDATE: Solution
I ended up doing the following solution, thanks to #phillip-stack and his answer:
Model
# -*- coding: utf-8 -*-
import csv, sys
from openerp import api, fields, models, _
class sale_order_export_line(models.Model):
_inherit = 'sale.order'
_auto = False
#api.multi
def export_lines_to_csv(self):
return {
'type' : 'ir.actions.act_url',
'url': '/csv/download/sale_order/%s/supplier_name/%s'%(self.id,'American'),
'target': 'blank',
}
#api.model
def _csv_download(self,vals):
order_id = vals.get('order_id')
supplier_name = vals.get('supplier_name')
so = self.env['sale.order'].browse(order_id)
lines = so.order_line.search([('order_id','=',order_id),('supplier_name','ilike',supplier_name)])
columns = [u'Número pedido Dentaltix',u'Nombre de cliente',u'Dirección', u'Código postal', u'Población',
u'Provincia', u'País', u'Teléfono', u'Horario de entrega', u'Referencia', u'Cantidad', u'Envío']
csv = u','.join(columns)
csv += "\n"
if len(lines) > 0:
for ol in lines:
drupal_order_name = so.drupal_order_name if so.drupal_order_name else ''
client_notes = so.client_notes if so.client_notes else ''
supplier_ref = ol.supplier_ref if ol.supplier_ref else ''
picking_policy = DELIVERY_METHODS[so.picking_policy] if so.picking_policy else 'Directo'
product_uos_qty = str(int(ol.product_uos_qty)) if ol.product_uos_qty else '0'
csv_row = u'","'.join(data)
csv += u"\"{}\"\n".format(csv_row)
return csv
sale_order_export_line()
Controller
# -*- coding: utf-8 -*-
from openerp import http
from openerp.http import request
from openerp.addons.web.controllers.main import serialize_exception,content_disposition
class SaleOrderController(http.Controller):
#http.route('/csv/download/sale_order/<int:order_id>/supplier_name/<string:supplier_name>', auth='user')
def sale_order_lines_csv_download(self, order_id, supplier_name, **kw):
if supplier_name:
csv = http.request.env['sale.order']._csv_download({'order_id': order_id, 'supplier_name':supplier_name})
else:
csv = http.request.env['sale.order']._csv_download({'order_id': order_id, 'supplier_name': False})
filename = 'order_lines_%s_%s.csv'%(order_id,supplier_name)
return request.make_response(csv,
[('Content-Type', 'application/octet-stream'),
('Content-Disposition', 'attachment; filename="%s"'%(filename))])
I probably should not be admitting to this. But I use a technique with controllers and adding a link to a form. The controller can be modified to conduct custom security checks of your choosing then you can use sudo() to bypass field restrictions on the models in question. Then just return the csv with the format of your choosing.
And of course... An Example!
CONTROLLER
#http.route('/csv/download/<int:rec_id>/', auth='user', website=True)
def csvdownload(self, rec_id, **kw):
return http.request.env['your_addon.your_model']._csv_download({'rec_id': rec_id})
MODEL METHOD
def _get_csv_url(self):
self.csv_url = "/csv/download/{}/".format(self.id)
csv_url = fields.Char(compute=_get_csv_url)
#api.model
def _csv_download(self,vals):
sql = """SELECT
quote_nullable(field_1),
quote_nullable(field_2),
quote_nullable(field_3),
quote_nullable(field_4)
FROM
table_name
WHERE id={}""".format(vals.get(rec_id))
self.env.cr.execute(sql)
rows = self.env.cr.fetchall()
csv = """'Field 1','Field 2','Field 3','Field 4'\n"""
if rows:
for row in rows:
csv_row = ""
for item in row:
csv_row+= "{},".format(item)
csv+="{}\n".format(csv_row[:-1])
return csv
In your form have a link which points to your controller
<a id="csv_download" href="#" target="_blank" download="file.csv"/>
<div id="csv_url_div" style="display:none"><field name="csv_url"/></div>
<script>
$(document).ready(function(){
var csv_url = $("#csv_url_div").text();
$("#csv_download").attr("href", csv_url);
});
</script>
I acknowledge the level of hackyness that is going on here. I am sure if I spent more time on it I could do something with a nice Odoo widget that would be quite nice. But it has worked for me.

Momoko, Jinja2 and Tornado

there is something fundamentally wrong with my code. These are my
tornado handlers with basic authentication and jinja2 as template
engine. The following works without the momoko db parts.
class BaseHandler(tornado.web.RequestHandler):
#property
def db(self):
return self.application.db
def get_current_user(self):
return self.get_secure_cookie("user")
class TemplateHandler(BaseHandler):
"""Request handler for writing HTML templates."""
def render(self, template_name, **kwargs):
"""Renders a Jinja2 template."""
kwargs['options'] = options.as_dict()
template = templates.environment.get_template(template_name)
html = template.render(kwargs)
self.write(html)
class AuthLoginHandler(TemplateHandler):
def get(self):
try:
errormessage = self.get_argument("error")
except:
errormessage = ""
self.render("login.html", errormessage = errormessage)
def check_permission(self, password, username):
if username == "admin" and password == "admin":
return True
return False
def post(self):
username = self.get_argument("username", "")
password = self.get_argument("password", "")
auth = self.check_permission(password, username)
if auth:
self.set_current_user(username)
self.redirect(self.get_argument("next", u"/"))
else:
error_msg = u"?error=" + tornado.escape.url_escape("Login incorrect")
self.redirect(u"/auth/login/" + error_msg)
def set_current_user(self, user):
if user:
self.set_secure_cookie("user", tornado.escape.json_encode(user))
else:
self.clear_cookie("user")
class AuthLogoutHandler(TemplateHandler):
def get(self):
self.clear_cookie("user")
self.redirect(self.get_argument("next", "/"))
class MainHandler(TemplateHandler):
#gen.engine
def get(self):
username = tornado.escape.xhtml_escape(self.current_user)
try:
cursor = yield momoko.Op(self.db.execute, 'SELECT * FROM products;')
except Exception as error:
self.write(str(error))
res = 'Query results: '+''.join(str(cursor.fetchall()))
self.render("index.html", username = username, cip = self.request.remote_ip, res = res)
For the logged in client, this code should execute a basic query and then print the result to the defined location ( {{ res }} ) within the jinja template. When I try to start the server, I get this:
line 22, in render
kwargs['options'] = options.as_dict()
AttributeError: 'module' object has no attribute 'as_dict'
We'll need to see your "import" statements to know what's wrong for certain. I suspect you have:
from tornado import options
But you need:
from tornado.options import options

How to Insert Record and Upload file using the FreeASPUpload Script

I want to Insert record and upload file at the same time, right now im using FreeASPUpload Script. When i submit the form it returns this error
Cannot use the generic Request collection after calling BinaryRead
Here is the Full Source Code of my page
<%
option explicit
Response.Expires = -1
Server.ScriptTimeout = 600
Session.CodePage = 65001
%>
<!-- #include file="UploadClass.asp" -->
<%
Dim uploadsDirVar
uploadsDirVar = server.MapPath("Files_Uploaded")
function OutputForm()
%>
<form name="frmSend" method="POST" enctype="multipart/form-data" accept-charset="utf-8" action="form.asp" onSubmit="return onSubmitForm();">
<input type="hidden" name="ApplicationForm" value="Insert" />
Name: <input type="text" name="name_insert" value="" size="30" />
<B>File names:</B><br>
File 1: <input name="attach1" type="file" size=35><br>
<br>
<input style="margin-top:4" type="submit" value="Submit">
</form>
<%
end function
function TestEnvironment()
Dim fso, fileName, testFile, streamTest
TestEnvironment = ""
Set fso = Server.CreateObject("Scripting.FileSystemObject")
if not fso.FolderExists(uploadsDirVar) then
TestEnvironment = "<B>Folder " & uploadsDirVar & " does not exist.</B><br>The value of your uploadsDirVar is incorrect. Open uploadTester.asp in an editor and change the value of uploadsDirVar to the pathname of a directory with write permissions."
exit function
end if
fileName = uploadsDirVar & "\test.txt"
on error resume next
Set testFile = fso.CreateTextFile(fileName, true)
If Err.Number<>0 then
TestEnvironment = "<B>Folder " & uploadsDirVar & " does not have write permissions.</B><br>The value of your uploadsDirVar is incorrect. Open uploadTester.asp in an editor and change the value of uploadsDirVar to the pathname of a directory with write permissions."
exit function
end if
Err.Clear
testFile.Close
fso.DeleteFile(fileName)
If Err.Number<>0 then
TestEnvironment = "<B>Folder " & uploadsDirVar & " does not have delete permissions</B>, although it does have write permissions.<br>Change the permissions for IUSR_<I>computername</I> on this folder."
exit function
end if
Err.Clear
Set streamTest = Server.CreateObject("ADODB.Stream")
If Err.Number<>0 then
TestEnvironment = "<B>The ADODB object <I>Stream</I> is not available in your server.</B><br>Check the Requirements page for information about upgrading your ADODB libraries."
exit function
end if
Set streamTest = Nothing
end function
function SaveFiles
Dim Upload, fileName, fileSize, ks, i, fileKey
Set Upload = New FreeASPUpload
Upload.Save(uploadsDirVar)
' If something fails inside the script, but the exception is handled
If Err.Number<>0 then Exit function
SaveFiles = ""
ks = Upload.UploadedFiles.keys
if (UBound(ks) <> -1) then
SaveFiles = "<B>Files uploaded:</B> "
for each fileKey in Upload.UploadedFiles.keys
SaveFiles = SaveFiles & Upload.UploadedFiles(fileKey).FileName & " (" & Upload.UploadedFiles(fileKey).Length & "B) "
next
else
SaveFiles = "No file selected for upload or the file name specified in the upload form does not correspond to a valid file in the system."
end if
SaveFiles = SaveFiles & "<br>Enter a number = " & Upload.Form("enter_a_number") & "<br>"
SaveFiles = SaveFiles & "Checkbox values = " & Upload.Form("checkbox_values") & "<br>"
SaveFiles = SaveFiles & "List values = " & Upload.Form("list_values") & "<br>"
SaveFiles = SaveFiles & "Text area = " & Upload.Form("t_area") & "<br>"
end function
%>
<HTML>
<HEAD>
<TITLE>Test Free ASP Upload 2.0</TITLE>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style>
BODY {background-color: white;font-family:arial; font-size:12}
</style>
<script>
function onSubmitForm() {
var formDOMObj = document.frmSend;
if (formDOMObj.attach1.value == "")
alert("Please press the Browse button and pick a file.")
else
return true;
return false;
}
</script>
</HEAD>
<BODY>
<br><br>
<div style="border-bottom: #A91905 2px solid;font-size:16">Upload files to your server</div>
<%
Dim diagnostics
if Request.ServerVariables("REQUEST_METHOD") <> "POST" then
diagnostics = TestEnvironment()
if diagnostics<>"" then
response.write "<div style=""margin-left:20; margin-top:30; margin-right:30; margin-bottom:30;"">"
response.write diagnostics
response.write "<p>After you correct this problem, reload the page."
response.write "</div>"
else
response.write "<div style=""margin-left:150"">"
OutputForm()
response.write "</div>"
end if
else
response.write "<div style=""margin-left:150"">"
OutputForm()
response.write SaveFiles()
response.write "<br><br></div>"
end if
%>
</BODY>
</HTML>
<!-- #include file="ADOVBS.inc" -->
<%
'=======================================================================================
' CONNECT DATABASE
'=======================================================================================
Dim objConn, objRs
Set objConn = CreateObject("ADODB.Connection")
Set objRs = CreateObject("ADODB.Recordset")
objConn.open"Provider=Microsoft.Jet.OLEDB.4.0;Data Source="& server.MapPath("db/Job_database.mdb") &";Mode=ReadWrite|Share Deny None;Persist Security Info=False"
If Request("ApplicationForm") = "Insert" Then
Set InsCom=Server.CreateObject("ADODB.Command")
InsCom.ActiveConnection=objConn
InsName = Trim(request("name_insert"))
InsName = replace(InsName,"'","''")
InsCom.CommandText = "Insert into applications(aname)Values(?)"
InsCom.Parameters.Append InsCom.CreateParameter("#name_insert", adVarChar, adParamInput, 255, InsName)
InsCom.Execute
End If
%>
I have been searching for this problem, but couldn't make it work. although what i found is that i have to use the Form Collection provided by FreeASPUpload. therefore i change
If Request("ApplicationForm") = "Insert" Then
to this
If Upload.Form("ApplicationForm") = "Insert" Then
But it also returns an error, that says: Variable is undefined: 'Upload'
If i change the Request method, it only Uploads the file not inserts the record
If Request.QueryString("ApplicationForm") = "Insert" Then
What i understands is that my insert query is in wrong place or so...
Please help me solve this problem.. thanks
I haven't used AspFreeUpload much so I'm guessing a bit here.
It would appear that using the Request object isn't an option so you're stuck with having to use the Upload.Form. As your code stands, the Upload object is only defined and set within the context of your SaveFiles function.
Try moving your database insert code to within the SaveFiles function. This would mean cutting everything from the line
Dim objConn, objRs
to
InsCom.Execute
and pasting it just before 'End Function'
You may also need to move your include adovbs.inc directive to somewhere before the function was called. The most logical place would be on the line immediately below your other include directive = for uploadclass.asp

coldfusion struct in function argument

I'm trying to do server side facebook connect, but the sdk (get it here) provided gives the following error:
Invalid CFML construct found on line 523 at column 78.
ColdFusion was looking at the following text:
{
And it doesn't explain why it's throwing this error. I'm not good at cfscript, so I don't know whether the sdk uses the correct syntax, but it throws the error on this function, at the braces of the struct in the function arguments:
private String function getUrl(String path = "", Struct parameters = {})
{
var key = "";
var resultUrl = "https://www.facebook.com/" & arguments.path;
if (structCount(arguments.parameters)) {
resultUrl = resultUrl & "?" & serializeQueryString(arguments.parameters);
}
return resultUrl;
}
I had thought that using an sdk would be a no brainer, but apparently I'm missing something.
What am I doing wrong?
Part 2:
The code now comes to a halt at:
for (var propertyName in arguments.properties) {
httpService.addParam(type="formField", name=propertyName, value=arguments.properties[propertyName]);
}
Are you not allowed to use a for loop in cfscript?
Try structNew() or "#structNew()#" instead of {}
This should work for connecting to Facebook and getting an access token:
<cfset appID = ""/>
<cfset secret_key = ""/>
<cfset app_url = ""/>
<cfparam name="URL.Code" default="0">
<cfparam name="URL.state" default="0">
<cfparam name="SESSION.Redirect" default="0">
<cfset code_ = URL.Code>
<cfif code_ EQ "" OR code_ EQ 0>
<cfset SESSION.State = Hash(CreateUUID(),"MD5")>
<cfset dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" & appID & "&redirect_uri=" & app_url & "&scope=email,user_photos,publish_stream" & "&state=" & SESSION.State>
<cflocation url="#dialog_url#" addtoken="no">
</cfif>
<cfif SESSION.State EQ URL.State>
<cfset token_url = "https://graph.facebook.com/oauth/access_token?client_id=" & appID & "&redirect_uri=" & app_url & "&client_secret=" & secret_key & "&code=" & code_>
<cfhttp url="#token_url#" result="AccessToken" method="GET">
<cfelse>
<p>The state does not match. You may be a victim of CSRF.</p>
</cfif>