diff options
author | Marian Sigler <m@qjym.de> | 2012-10-06 16:40:24 +0200 |
---|---|---|
committer | Marian Sigler <m@qjym.de> | 2012-10-06 16:40:35 +0200 |
commit | b52de923cbb794b8dbc4d94c60c38088e26d95b5 (patch) | |
tree | ee2abbf99c8ba4815a1fefcde51f267a3649b81c | |
parent | f1683aaf4b02721c26e68723fcbaebb536aac26a (diff) | |
download | web-b52de923cbb794b8dbc4d94c60c38088e26d95b5.tar.gz web-b52de923cbb794b8dbc4d94c60c38088e26d95b5.tar.bz2 web-b52de923cbb794b8dbc4d94c60c38088e26d95b5.zip |
Make external urls always with https
-rw-r--r-- | app.py | 2 | ||||
-rw-r--r-- | default_settings.py | 2 | ||||
-rw-r--r-- | forms.py | 5 | ||||
-rw-r--r-- | utils.py | 13 |
4 files changed, 18 insertions, 4 deletions
@@ -7,7 +7,7 @@ import account import ldap import os from copy import deepcopy -from flask import flash, Flask, g, redirect, request, session, url_for +from flask import flash, Flask, g, redirect, request, session from utils import * diff --git a/default_settings.py b/default_settings.py index 8581bdb..2a74829 100644 --- a/default_settings.py +++ b/default_settings.py @@ -19,3 +19,5 @@ LDAP_HOST = 'ldap://localhost:5678' LDAP_BASE_DN = [('dc','accounts'),('dc','spline'),('dc','inf'),('dc','fu-berlin'),('dc','de')] LDAP_ADMIN_USER = 'admin' LDAP_ADMIN_PASS = 'admin' + +PREFERRED_URL_SCHEME = 'https' @@ -1,10 +1,11 @@ # -*- coding: utf-8 -*- from account import SERVICES, NoSuchUserError -from flask import g, current_app, session, url_for, Markup +from flask import g, current_app, session, Markup from flask.ext.wtf import Form, validators, TextField, PasswordField,\ ValidationError, BooleanField from functools import partial -from utils import _username_re, _username_exclude_re, decrypt_password, NotRegexp +from utils import _username_re, _username_exclude_re, decrypt_password,\ + NotRegexp, url_for username = partial(TextField, 'Benutzername', [validators.Regexp(_username_re, @@ -9,7 +9,8 @@ from base64 import urlsafe_b64encode, urlsafe_b64decode from Crypto.Cipher import AES from email.mime.text import MIMEText from functools import wraps -from flask import current_app, flash, g, redirect, render_template, request, session, url_for +from flask import current_app, flash, g, redirect, render_template, request, session +from flask import url_for as flask_url_for from flask.ext.wtf import ValidationError from hashlib import sha1 from random import randint @@ -227,3 +228,13 @@ class NotRegexp(Regexp): self.message = field.gettext(u'Invalid input.') raise ValidationError(self.message) + + +def url_for(endpoint, **values): + """Wrap `flask.url_for` so that it always returns https links""" + #XXX: Drop this in favor of config.PREFERRED_URL_SCHEME when we require Flask 0.9 + u = flask_url_for(endpoint, **values) + if '_external' in values and u.startswith('http://'): + return 'https://' + u[7:] + else: + return u |