Some security fixes.

Raoul Snyman 2010-01-19 22:36:23 +02:00
commit cac7d13239


@ -35,12 +35,37 @@ def setup_app(command, conf, vars):
conf.local_conf['setup-app'] = True
load_environment(conf.global_conf, conf.local_conf)
import os
import hashlib
import hmac
from scribeengine.model.meta import metadata, Session, engine
from scribeengine.model import Category, Permission, Post, Variable, \
User, Role
if os.name == 'posix':
import readline
# Let's prompt the user for an e-mail address, password and nick for the first user in the system.
print 'First User:'
email = raw_input('E-mail address [admin@scribeengine.org]: ')
password = raw_input('Password [P@ssw0rd]: ')
nick = raw_input('Nick [Admin]: ')
if not email:
email = u'admin@scribeengine.org'
else:
email = unicode(email)
if not password:
password = u'P@ssw0rd'
else:
password = unicode(password)
if not nick:
nick = u'Admin'
else:
nick = unicode(nick)
password = unicode(hmac.new(conf[u'security.salt'], password,
hashlib.sha256).hexdigest(), u'utf-8')
# Create the tables if they don't already exist
metadata.create_all(bind=engine, checkfirst=True)
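Review bot: The new `raw_input('Password [P@ssw0rd]: ')` prompt echoes the typed password to the terminal, and when the operator just presses Enter the administrator is silently created with the default `P@ssw0rd` that is printed in the prompt and committed in the source, so a default-credential admin account is the easy path through setup. Read it with `password = getpass.getpass('Password: ')` and re-prompt or abort on empty input instead of substituting a default. The stored value is a single HMAC-SHA256 keyed with the site-wide `security.salt`, which is fast to compute and has no per-user salt; the same construction shows up in the next hunk and so appears to predate this commit, but a slow, per-user-salted password hash would be the better target while this code is being touched. Under Python 2, `unicode(password)` and the `hmac.new(...)` call can also raise on non-ASCII input unless the value is decoded and encoded explicitly. `setup_app` begins before this hunk and continues after it.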
@ -57,10 +82,7 @@ def setup_app(command, conf, vars):
role_admin = Role(name=u'Administrator')
role_admin.permissions.extend([perm_addposts, perm_editmyposts, perm_delmyposts])
password = unicode(hmac.new(conf[u'security.salt'], u'password',
hashlib.sha256).hexdigest(), u'utf-8')
user = User(email=u'admin@scribeengine.org',
password=password, nick=u'admin')
user = User(email=email, password=password, nick=nick)
user.roles.append(role_admin)
Session.add_all([blog_title, blog_slogan, user])