coto / gae-boilerplate
Google App Engine Boilerplate
Home Page: https://dev-dot-sandengine.appspot.com/
License: Other
Allow users to log in to the site via their Facebook account. Once logged in, say they could also then authorise their third-party accounts as an optional login method. This would allow the user to authenticate via any third party but end up with their user account on this site as the end result.
It is also necessary to use the authorisation they have provided to get basic user details (profile pic/name etc.) and post status updates.
Requirements:
There is more information about login with those services here:
It's necessary to send this kind of email when the password is changed:
The password for your account - [email protected] - was recently changed.
If you made this change, you don't need to do anything more.
If you didn't change your password, your account might have been hijacked. To
get back into your account, you'll need to reset your password by clicking this
link: https://appengine.protoboard.cl/password-reset/[email protected].
Important account security tips:
Sincerely,
The Team
Override the webapp2_extras.appengine.auth.models.User.create_user() method. More info: http://code.google.com/p/webapp-improved/issues/detail?id=57
We have a language.py where we have to write Spanish text encoded (it means that you have to write á instead of á), but the problem with the code is that when running it you see the encoded text too.
See the code in Spanish here
It's necessary to use translation (dictionary or i18n lib) for messages in handlers.py like:
Test these features:
Currently auth_id is username. I believe almost all apps require unique and verified (task #22) email for users whereas only a subset of apps use usernames. Therefore it may be a good idea to change auth_id to email and let users of the boilerplate decide whether username should be required or not (we can default it to required).
I think one of the most common setups is to make email the primary form of authentication and username would act more like a display name for forums, comments etc. that other users see. Username would still need to be unique for this scenario but may or may not be required (for instance a user could be anonymous or the app may not need display names). But in almost all cases apps want emails so that they can email users notifications, reset passwords etc. And it can be assumed that there are no users without email.
An additional advantage of this change is that the registration can be made even faster on the home page: only email and password. Usernames can be chosen on the edit profile page later. This is not something everyone will want but it would be a nice option for some users who desire the easiest registration to promote more sign ups.
One question is what is the main identifier for twitter, facebook, linkedin, and google openid logins? ( feature #4 and #55) Is it username or email? I think this would help to drive this decision.
Allow users to log in to the site via their LinkedIn account. Once logged in, say they could also then authorise their third-party accounts as an optional login method. This would allow the user to authenticate via any third party but end up with their user account on this site as the end result.
It is also necessary to use the authorisation they have provided to get basic user details (profile pic/name etc.) and post status updates.
Requirements:
There is more information about login with those services here:
Create the view and controller for updating user information for registered users.
When the user wants to change their password, the system has to ask for the password in order to make the change.
https://developers.google.com/appengine/articles/openid#ui
(note that the other 3: facebook, twitter, and linkedin are oauth and are covered by other issues)
Currently we use SHA512 which is excellent but a user noted that bcrypt might be even better (see http://stackoverflow.com/questions/11458969/google-app-engine-choosing-the-right-direction/11496978#11496978). @coto, have you looked at bcrypt? I've seen that it is much stronger but also much slower (see http://stackoverflow.com/questions/11393564/bcrypt-in-python).
Note: rather than replacing SHA512 we could add it as an option to the encrypt utility function if it's an easy option.
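The "hash method as an option" idea above, as an added example that is not the boilerplate's own code: records are self-describing so old SHA512 hashes keep verifying after the default changes, and a login handler can detect which ones to upgrade. PBKDF2 from the standard library stands in for bcrypt here (same principle, a tunable work factor); the function names are assumptions.

```python
import hashlib
import hmac
import os

# Added example, not the boilerplate's code: an encrypt() utility with the hash
# method as an option. "sha512" keeps the current salted single-pass SHA512;
# "pbkdf2" stands in for bcrypt (same idea, a tunable work factor) because it
# ships with the standard library while bcrypt needs a third-party package.
DEFAULT_METHOD = "pbkdf2"
PBKDF2_ROUNDS = 200_000  # raise as hardware gets faster; old records keep verifying


def _digest(password, salt, method, rounds):
    pw = password.encode("utf-8")
    if method == "sha512":
        return hashlib.sha512(salt + pw).hexdigest()
    if method == "pbkdf2":
        return hashlib.pbkdf2_hmac("sha512", pw, salt, rounds).hex()
    raise ValueError("unknown hash method: %s" % method)


def encrypt(password, method=DEFAULT_METHOD, salt=None, rounds=PBKDF2_ROUNDS):
    """Return a self-describing record 'method$rounds$salt_hex$digest_hex', so
    the stored value says how to verify it even after the default changes."""
    salt = os.urandom(16) if salt is None else salt
    if method == "sha512":
        rounds = 1  # single pass; kept in the record for a uniform format
    return "%s$%d$%s$%s" % (method, rounds, salt.hex(), _digest(password, salt, method, rounds))


def check_password(password, stored):
    """Verify a password against a stored record using a constant-time compare."""
    method, rounds, salt_hex, digest = stored.split("$")
    got = _digest(password, bytes.fromhex(salt_hex), method, int(rounds))
    return hmac.compare_digest(got, digest)


def needs_rehash(stored, method=DEFAULT_METHOD, rounds=PBKDF2_ROUNDS):
    """True when a record uses an older method or fewer rounds; the login
    handler can then re-encrypt the password it has just verified."""
    m, r, _, _ = stored.split("$")
    return m != method or (m == "pbkdf2" and int(r) < rounds)
```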
I'm seeing that when logging in with correct credentials from the homepage, the user is taken to the login page and wtforms displays that credentials are missing and need to be filled in again. Somehow wtforms is not recognizing the credentials we are sending from the homepage. This is probably a minor issue. Is anyone else experiencing this?
Create a page that only admins can access that enables admins to view the visitors log, organize user accounts (view and delete users). Most importantly this will provide an example of how to create admin only areas and mark users as admins.
Here is the controller to reset the password: https://github.com/coto/gae-boilerplate/blob/master/web/handlers.py#L36
It has to send an email with a link containing a token; this link has to go to this controller https://github.com/coto/gae-boilerplate/blob/master/web/handlers.py#L63, match the new password and store it in the datastore.
The feature to update the user profile (User kind on the datastore) is ready today, but when the user updates the username or email (unique_properties for the user), the "Unique" kind on the datastore is not updated.
Here is the Edit Profile Handler:
https://github.com/coto/gae-boilerplate/blob/master/web/handlers.py#L381
Here is the Edit Profile sample:
http://appengine.beecoss.com/settings/profile (you have to be logged in)
When you force a 404 error, there is a TemplateNotFound; here is the log:
errors/default_error.html
Traceback (most recent call last):
File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2.py", line 1536, in call
rv = self.handle_exception(request, response, e)
File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2.py", line 1596, in handle_exception
return handler(request, response, e)
File "/base/data/home/apps/s~sandengine/latest.360189283466406656/main.py", line 28, in handle_404
t = jinja2.get_jinja2(app=app).render_template(template, **c)
File "/base/python27_runtime/python27_lib/versions/third_party/webapp2-2.5.1/webapp2_extras/jinja2.py", line 158, in render_template
return self.environment.get_template(_filename).render(**context)
File "/base/python27_runtime/python27_lib/versions/third_party/jinja2-2.6/jinja2/environment.py", line 719, in get_template
return self._load_template(name, self.make_globals(globals))
File "/base/python27_runtime/python27_lib/versions/third_party/jinja2-2.6/jinja2/environment.py", line 693, in _load_template
template = self.loader.load(self, name, globals)
File "/base/python27_runtime/python27_lib/versions/third_party/jinja2-2.6/jinja2/loaders.py", line 115, in load
source, filename, uptodate = self.get_source(environment, name)
File "/base/python27_runtime/python27_lib/versions/third_party/jinja2-2.6/jinja2/loaders.py", line 180, in get_source
raise TemplateNotFound(template)
TemplateNotFound: errors/default_error.html
If the very first request results in a 404, any subsequent requests to the home page fail with the exception: UndefinedError: 'str' is undefined. This can be seen both with the SDK server and App Engine.
The issue is caused by the error handler initializing jinja2 without the factory used in BaseHandler.
Replace manual validation contained in controllers with wtforms.
After choosing any language, the new URL is always http://DOMAIN/OLD_URL/?&hl=NEW_LANGUAGE,
but what happens when the OLD_URL already has other parameters?
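One way to build the language-switch URL so existing parameters survive, as an added example rather than the boilerplate's code: parse the query, drop any old hl, append the new one, and keep the fragment. The supported-language list is a constructed assumption used to keep unvalidated input out of the redirect target.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Added example, not the boilerplate's code. The language list is a constructed
# assumption; it keeps an unknown value out of the redirect target.
SUPPORTED_LANGUAGES = ("en", "es", "it", "zh_CN")


def with_language(url, lang, param="hl"):
    """Return url with param set to lang, keeping every other query parameter
    and the fragment, and replacing an existing hl instead of adding a second."""
    if lang not in SUPPORTED_LANGUAGES:
        raise ValueError("unsupported language: %r" % lang)
    parts = urlsplit(url)
    # keep_blank_values keeps 'q=' style params; empty pairs such as the
    # leading '&' in '?&hl=en' are dropped by parse_qsl
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != param]
    query.append((param, lang))
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query), parts.fragment))
```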
I will try to use only links instead of a list.
We will continue using Bootstrap, but some people said it would be better to remove this page from the boilerplate because all of them have to do it too.
SSL using appspot is free.
Custom domain SSL is in test mode by Google.
Would it be possible to cut out the OAuth code using Google's hosting of the code: https://developers.google.com/appengine/docs/python/oauth/overview
Note we need to check if this is OAuth or OAuth2. Also, if we can use this then we may not need httplib2. We should also check if this idea supports HTTPS.
Move external libraries like:
into one folder (external)
Observation: the user can only log in with username; logging in via email does not work.
Cause: auth_id is set to username, so email is not a valid auth_id.
Solution: either remove the text on the boilerplate that indicates that the user can "Enter your Username or Email" and replace it with "Enter your Username", or add email as an auth_id.
i18n.py can be cleaned up:
Both jQuery validation and wtforms require fixes for translation to function.
related stack overflow query: http://stackoverflow.com/questions/11425042/lazy-gettext-error-on-google-app-engine-with-python-webapp2-babel
Add login and logout buttons on the top bar (example: http://duolingo.com/).
Right now, the app.yaml specifies "latest" for the webapp2 version. For a production app, this is bad practice since newer library versions will be added in future releases which may not be 100% backwards compatible. Currently, the only webapp2 version available is "2.3" so that should be specified in the app.yaml file. For reference, you can see which versions of a library exist by looking for the SUPPORTED_LIBRARIES dict in google/appengine/api/appinfo.py in the SDK.
Cross-site request forgery protection and other security measures should be implemented as seen in http://guides.rubyonrails.org/security.html
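The synchronizer-token pattern from that guide, shaped for a webapp2-style handler, as an added example that is not the project's code. It assumes the handler exposes a dict-like self.session, a self.request with .method and .get(name), and self.abort(status); the small handler at the end is a constructed stand-in so the check can be exercised offline.

```python
import functools
import hmac
import os

# Added example, not the project's code. The handler attributes used here
# (self.session, self.request.method, self.request.get, self.abort) are
# assumptions about a webapp2-style handler, not verified boilerplate names.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def get_csrf_token(session):
    """Return the session's token, minting a random one on first use; templates
    render it as <input type="hidden" name="csrf_token" value="{{ token }}">."""
    token = session.get("csrf_token")
    if not token:
        token = os.urandom(32).hex()
        session["csrf_token"] = token
    return token


def csrf_token_is_valid(session, submitted):
    """Constant-time comparison; a missing or empty token never validates."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def csrf_protect(method):
    """Decorator for state-changing handler methods: answers 403 when the
    submitted csrf_token does not match the one bound to the session."""
    @functools.wraps(method)
    def wrapper(self, *args, **kwargs):
        if self.request.method not in SAFE_METHODS:
            if not csrf_token_is_valid(self.session, self.request.get("csrf_token")):
                return self.abort(403)
        return method(self, *args, **kwargs)
    return wrapper


class _FakeRequest:  # constructed stand-in for the request object
    def __init__(self, method, params):
        self.method, self._params = method, params

    def get(self, name, default=""):
        return self._params.get(name, default)


class ProfileHandler:
    """Constructed stand-in for a webapp2 handler; only post() is real logic."""
    def __init__(self, method, params, session):
        self.request, self.session, self.status = _FakeRequest(method, params), session, 200

    def abort(self, code):
        self.status = code

    @csrf_protect
    def post(self):
        return "profile saved"
```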
In the menu it has to appear for Spanish as:
English - Inglés
Italian - Italiano
Chinese - 简体中文
where the second word never changes when the user chooses another language.
The code is commented in order to have a functional version for now
https://github.com/coto/gae-boilerplate/blob/master/templates/boilerplate_register.html#L36
Allow users to log in to the site via their Twitter account. Once logged in, say they could also then authorise their third-party accounts as an optional login method. This would allow the user to authenticate via any third party but end up with their user account on this site as the end result.
It is also necessary to use the authorisation they have provided to get basic user details (profile pic/name etc.) and post status updates.
Requirements:
There is more information about login with those services here: