Commit dd20c1ee authored by Remi Rampin's avatar Remi Rampin

Prompt before setting cookies

parent bf7e8538
......@@ -82,6 +82,9 @@ MAIL_SERVER = {{
"port": 25,
}}
# Whether users must explicitly accept cookies before using the website
COOKIES_PROMPT = True
# Whether new users can create an account
REGISTRATION_ENABLED = True
......@@ -109,7 +112,7 @@ DEFAULT_CONFIG = {
}
REQUIRED_CONFIG = ['NAME', 'PORT', 'SECRET_KEY', 'DATABASE',
'EMAIL', 'MAIL_SERVER']
'EMAIL', 'MAIL_SERVER', 'COOKIES_PROMPT']
def main():
......@@ -236,6 +239,7 @@ def main():
PORT=int(args.port),
DATABASE=prepare_db(args.database),
SECRET_KEY=secret,
COOKIES_PROMPT=False,
)
if 'PROMETHEUS_LISTEN' in config:
......
......@@ -55,6 +55,7 @@ def make_app(config, debug=False, xsrf_cookies=True):
[
# Basic pages
URLSpec('/', views.Index, name='index'),
URLSpec('/cookies', views.CookiesPrompt, name='cookies_prompt'),
URLSpec('/login', views.Login, name='login'),
URLSpec('/logout', views.Logout, name='logout'),
URLSpec('/register', views.Register, name='register'),
......
......@@ -3,6 +3,8 @@ import hashlib
import hmac
import json
import logging
from urllib.parse import urlencode
import jinja2
import pkg_resources
import smtplib
......@@ -169,6 +171,22 @@ class BaseHandler(RequestHandler):
else:
return None
def set_cookie(self, name, value, domain=None,
expires=None, path='/', expires_days=None,
*, dont_check=False,
**kwargs):
if (dont_check or
not self.application.config['COOKIES_PROMPT'] or
self.get_cookie('cookies_accepted') or
self.get_cookie('user')):
return super(BaseHandler, self).set_cookie(name, value, **kwargs)
else:
return self.redirect(
self.reverse_url('cookies_prompt') +
'?' +
urlencode(dict(next=self.request.uri)),
)
def get_user_locale(self):
if self.current_user is not None:
user = self.db.query(database.User).get(self.current_user)
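Review bot: The override at L47-L55 accepts `domain`, `expires`, `path` and `expires_days` as named parameters but never passes them on, so the `super().set_cookie(name, value, **kwargs)` call silently drops them and every cookie set through this handler gets Tornado's defaults (session lifetime, path `/`, no domain); the call should read `return super(BaseHandler, self).set_cookie(name, value, domain=domain, expires=expires, path=path, expires_days=expires_days, **kwargs)`. This presumably also affects cookies set via `set_secure_cookie`, which in Tornado forwards `expires_days` to `set_cookie` — verify against the framework version in use. Separately, returning `self.redirect(...)` from inside `set_cookie` finishes the response while the caller continues as if the cookie had been set; callers that go on to render or write output would then hit a write-after-finish error, so a short comment such as `# NOTE: redirects (and finishes the response) when consent is missing; callers must return immediately` on the `else` branch would make that contract explicit. The enclosing BaseHandler class starts and ends outside the hunk.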
......
......@@ -63,6 +63,26 @@ class Index(BaseHandler):
return self.render('welcome.html')
class CookiesPrompt(BaseHandler):
PROM_PAGE.labels('cookies_prompt').inc(0)
def get(self):
PROM_PAGE.labels('cookies_prompt').inc()
return self.render('cookies_prompt.html',
next=self.get_argument('next', ''))
def post(self):
PROM_PAGE.labels('cookies_prompt').inc()
self.set_cookie('cookies_accepted', 'yes', dont_check=True)
next_ = self.get_argument('next', '')
if not next_:
next_ = self.reverse_url('index')
return self.redirect(next_)
def check_xsrf_cookie(self):
pass
class Login(BaseHandler):
PROM_PAGE.labels('login').inc(0)
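Review bot: `post` at L77-L80 redirects to whatever the `next` argument contains without checking that it is a path on this site, so the endpoint can be used as an open redirect to an arbitrary external URL; restrict it to a local path before redirecting, e.g. `if not next_ or not next_.startswith('/') or next_.startswith('//'):` followed by `next_ = self.reverse_url('index')`. The same value is echoed into the template by `get` at L72-L73, so the template should treat it as untrusted as well. `check_xsrf_cookie` at L81-L82 is disabled for this handler, which looks intentional because no XSRF cookie can exist before consent is given; a one-line comment stating that reason would keep it from being read as an oversight. The Login class at L83 continues outside the hunk.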
......