Create the account at the first launch of WebRunner

slapos/runner/__init__.py

@@ -118,15 +118,9 @@ def serve(config):
     workspace = workdir,
     instance_profile='instance.cfg',
     software_profile='software.cfg',
-    SECRET_KEY='123',
+    SECRET_KEY=os.urandom(24),
   )
   if not os.path.exists(workdir):
     os.mkdir(workdir)
-  if not os.path.exists(os.path.join(config.runner_workdir, '.users')):
-    #set default user and password
-    salt = "runner81" #to be changed
-    pwd = hashlib.md5( salt + "insecure" ).hexdigest()
-    user = "root;"+pwd+";;Slaprunner Administrator"
-    open(os.path.join(config.runner_workdir, '.users'), 'w').write(user)
   app.run(host=config.runner_host, port=int(config.runner_port),
       debug=config.debug, threaded=True)

slapos/runner/static/css/styles.css

@@ -72,6 +72,7 @@ overflow-y: scroll;
     text-align: left;
     padding-left: 20px;
     height: 30px;
+    position:relative;
 }
 
 #header .run{
@@ -706,7 +707,7 @@ input[type=radio]:hover {
 #login-page{width:429px; height:236px; margin:130px auto 0px; background:url(../images/loginBox.png) no-repeat;
 padding:10px; font-size:14px; color:#03406A}
 #login-page h2{color:#fff; font-size:26px; font-weight:normal; text-indent:50px;}
-.login-content{margin:10px; margin-top:40px; margin-bottom:0; height:90px;}
+.login-content{position:relative;margin:10px; margin-top:30px; margin-bottom:0;}
 .login-button{width:140px; margin:0 auto;}
 .login-element{float:left; min-width:120px;}
 .login-label{padding:5px; font-size:16px;}

slapos/runner/static/js/jquery/jqueryToolTip.js

@@ -9,7 +9,7 @@ $(function () {
     $('a[rel=tooltip], a[rel=tooltip-min], .popup').mouseover(function () {
         var height = $(this).height();
         var top = $(this).offset().top + height;
-        var left = $(this).offset().left - ($(this).width() /2);
+        var left = $(this).offset().left +($(this).width()/2)-30;
         var content = "#tooltip-" + $(this).attr('id');
         if (hideDelayTimer) clearTimeout(hideDelayTimer);
         if (beingShown || shown) {
@@ -17,14 +17,6 @@ $(function () {
         } else {
             $('#jqtooltip').empty();
             var contentValue = $(content).clone(true, true);
-            /*$(contentValue).find("*").each(function(index, element) {
-              if(element.id){element.id = "jqt_" + element.id;}
-               if($(this).attr('for')){$(this).attr('for', 'jqt_' + $(this).attr('for'))}
-               //var events = $(content).get[0];
-               //for (var type in events)
-  		          // for (var handler in events[type])
-				          // jQuery.event.add(this, type, events[type][handler], events[type][handler].data);
-            });*/
             $(contentValue).appendTo('#jqtooltip');
             $('#jqtooltip ' + content).show();
             // reset position of info box

slapos/runner/static/js/scripts/account.js

@@ -14,6 +14,10 @@ $(document).ready( function() {
 			$("#error").Popup("Please enter a valid email adress!", {type:'alert', duration:3000});
 			return false;
 		}
+    if($("input#hasAccount").val() === "" && !$("input#password").val().match(/^[\w\d\._-]+$/)){
+      $("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
+      return false;
+    }
     if($("input#password").val() !== ""){
       if($("input#password").val() === "" || !$("input#password").val().match(/^[\w\d\._-]+$/)){
       	$("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
@@ -34,7 +38,7 @@ $(document).ready( function() {
 				password:((haspwd) ? $("input#password").val():"")},
 			success: function(data){
         if(data.code ==1){
-          $("#error").Popup("Your account informations has been saved!", {type:'confirm', duration:3000});
+          location.href = $SCRIPT_ROOT+"/"
         }
         else{
           $("#error").Popup(data.result, {type:'error', duration:5000});

slapos/runner/templates/account.html

@@ -29,7 +29,10 @@
     <div class='clear'></div>
     <br/><br/><br/>
   </div>
-  <div id="file_info" class="file_info">leave passwords blank to preserve your current password...</div>
+  <div id="file_info" class="file_info">{% if username %}leave passwords blank to preserve your current password...{%else%}
+    Before starting, please fill your personal informations... {%endif%}
+  </div>
   <br/>
+  <input type="hidden" name="hasAccount" id="hasAccount" value="{{name}}"/>
 </form>
 {% endblock %}

slapos/runner/templates/login.html

@@ -6,17 +6,26 @@
 {% block body %}
 <form method="POST" action="">
   <h2>Login to Slapos Web Runner</h2>
-  <div class="login-content">
+  <div class="login-content"><br/>
     <div class="login-element login-label"><label for="clogin">Your login&nbsp; : </label></div>
     <div class="login-element"><input type="text" class="login-input" name="clogin" id="clogin" value="Enter login..." /></div><br/><br/>
     <div class="clear"></div>
     <div class="login-element login-label"><label for="cpwd">Password : </label></div>
     <div class="login-element"><input type="password" class="idleField login-input" name="cpwd" id="cpwd" value="******" /></div>
     <div class="clear"></div>
+    <!--<br/><a href="#" id="information" rel="tooltip">do you need help?</a><br/>-->
   </div>
-  <div style="text-align:center">
+  <div style="text-align:center; margin-top:7px;">
     <input type="reset" class="button" value="reset" />
     <input type="submit" class="button" id="login" value="login" />
   </div>
 </form>
+<!--
+<div id="tooltip-information" style="display:none">
+<p style="font-size:12px;">
+If it is your first connexion, use default parameters:<br/>
+login: <strong>root</strong>, password: <strong>insecure</strong> and set your
+one<br/> parameters at <strong>home->Your Account</strong>.
+</p>
+</div>-->
 {% endblock %}
\ No newline at end of file

slapos/runner/utils.py

@@ -56,10 +56,17 @@ def checkLogin(config, login, pwd):
   user = getSession(config)
   salt = "runner81" #to be changed
   current_pwd = hashlib.md5( salt + pwd ).hexdigest()
-  if current_pwd == user[1]:
+  if user and current_pwd == user[1] and login == user[0]:
     return user
   return False
 
+def checkSession(config, session, account):
+  """Return True if current user is connected with rigth data"""
+  if 'account' in session and account:
+    return (session['account'][0] == account[0] and
+              session['account'][1] == account[1])
+  return False
+
 def getSession(config):
   """
   Get the session data of current user.
@@ -99,6 +106,7 @@ def saveSession(config, session, account):
       account[1] = hashlib.md5(salt + account[1]).hexdigest()
     else:
       account[1] = session['account'][1]
+    if 'account' in session:
       #backup previous data
       open(user+'.back', 'w').write(';'.join(session['account']))
       backup = True

slapos/runner/views.py

@@ -14,13 +14,18 @@ app = Flask(__name__)
 #Access Control: Only static files and login pages are allowed to guest
 @app.before_request
 def before_request():
-  if (not session.has_key('account') or not session['account']) \
-    and request.path != '/login' \
-    and request.path != '/doLogin' and not  request.path.startswith('/static'):
+  if not request.path.startswith('/static'):
+    account = getSession(app.config)
+    if account:
+      if request.path != '/login' and request.path != '/doLogin' and \
+          not checkSession(app.config, session, account):
         return redirect(url_for('login'))
-  if session.has_key('account') and session['account']:
       session['title'] = getProjectTitle(app.config)
-    session['account'] = getSession(app.config)
+    else:
+      session.pop('account', None)
+      session['title'] = "No account is defined"
+      if request.path != "/updateAccount" and request.path != "/myAccount":
+        return redirect(url_for('myAccount'))
 
 # general views
 @app.route('/')
@@ -33,12 +38,15 @@ def login():
 
 @app.route("/myAccount")
 def myAccount():
+  if 'account' in session:
     return render_template('account.html', username=session['account'][0],
       email=session['account'][2], name=session['account'][3].decode('utf-8'))
+  else:
+    return render_template('account.html')
 
 @app.route("/logout")
 def logout():
-  session['account'] = None
+  session.pop('account', None)
   return redirect(url_for('login'))
 
 @app.route('/configRepo')