About to do security

getting_started/04-scaffold/index.rst

@@ -0,0 +1,88 @@
+=====================================
+4: Quick Project Start With Scaffolds
+=====================================
+
+Getting started quickly on a Python application requires,
+as we just saw, several steps. Like other popular web frameworks,
+Pyramid provides a facility called "scaffolds" that let you quickly
+generate the basics of a Pyramid application.
+
+Objectives
+==========
+
+- Use ``pcreate`` to see what scaffolds are available
+
+- Create and install a sample project using one of the available
+  scaffolds
+
+Steps
+=====
+
+#. ``(env33)$ cd ..; mkdir step03; cd step03``
+
+#. See the usage for ``pcreate``:
+
+   .. code-block:: bash
+
+    (env33)$ pcreate --help
+
+#. List the available scaffolds:
+
+   .. code-block:: bash
+
+    (env33)$ pcreate --list
+
+#. Make a new Python project called ``tutorial`` using ``starter``
+   as a starting point:
+
+   .. code-block:: bash
+
+    (env33)$ pcreate -s starter tutorial
+
+
+#. Visit that project and see the project contents:
+
+   .. code-block:: bash
+
+    (env33)$ cd tutorial; ls
+
+#. Install your new project:
+
+   .. code-block:: bash
+
+    (env33)$ python3.3 setup.py develop
+
+#. Run the WSGI application with:
+
+   .. code-block:: bash
+
+    (env33)$ pserve development.ini
+
+#. Open ``http://127.0.0.1:6543/`` in your browser. *Different port
+   number!*
+
+Analysis
+========
+
+Pyramid has a number of scaffold *templates* that provide different
+starting points. ``starter`` is the most basic. ``alchemy`` is useful
+for developers wanting SQLAlchemy as a starting point. These scaffolds
+provide a way for Pyramid to remain unopinionated,
+but still provide starting points with a set of opinions.
+
+When you visited this project in your browser, you might have seen the
+``pyramid_debugtoolbar`` in action. This is a handy helper during
+development.
+
+.. note::
+
+  The remaining steps in this tutorial do not use scaffolds,
+  as we want to teach the various decisions being made.
+
+Extra Credit
+============
+
+#. If you make a project with one of the scaffolds, can you still
+   share your project with others?
+
+#. Can you make scaffolds for your own Pyramid projects?

getting_started/09-forms/development.ini

@@ -0,0 +1,30 @@
+[app:main]
+use = egg:tutorial
+pyramid.reload_templates = true
+
+[server:main]
+use = egg:pyramid#wsgiref
+host = 0.0.0.0
+port = 6547
+
+[loggers]
+keys = root
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = INFO
+handlers = console
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s

getting_started/08-forms/index.rst → getting_started/09-forms/index.rst

@@ -1,16 +1,6 @@
-====================
-8: Forms With Deform
-====================
-
-
-- setup.py has dependency on deform
-- add static view in __init__ for deform
-- head-more in layout
-- lot of redundant type (e.g. <more>)
-- models.py
-
-Goals
-=====
+===================================
+9: Forms and Validation With Deform
+===================================
 
 
 Objectives
@@ -20,6 +10,7 @@ Objectives
 Steps
 =====
 
+
 #. Again, let's use the previous package as a starting point for a new
    distribution. Also, make a directory for the templates:
 

getting_started/09-forms/setup.py

@@ -0,0 +1,12 @@
+from setuptools import setup
+
+requires = [
+    'pyramid',
+]
+
+setup(name='tutorial',
+      entry_points="""\
+      [paste.app_factory]
+      main = tutorial:main
+      """,
+)

getting_started/08-forms/tutorial/models.py → getting_started/09-forms/tutorial/models.py

@@ -2,4 +2,4 @@
     '100': dict(uid='100', title='Page 100', body='<em>100</em>'),
     '101': dict(uid='101', title='Page 101', body='<em>101</em>'),
     '102': dict(uid='102', title='Page 102', body='<em>102</em>')
-}
+}

getting_started/09-forms/tutorial/static/wiki.css

@@ -0,0 +1,8 @@
+body {
+    font-family: sans-serif;
+    margin: 2em;
+}
+
+h1 a {
+    vertical-align: bottom;
+}

getting_started/09-forms/tutorial/templates/layout.pt

@@ -0,0 +1,25 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+      xmlns:metal="http://xml.zope.org/namespaces/metal"
+      xmlns:tal="http://xml.zope.org/namespaces/tal"
+      metal:define-macro="layout">
+<head>
+    <title>Wiki - ${title}</title>
+    <more metal:define-slot="head-more"></more>
+    <link rel="stylesheet"
+          href="${request.static_url('tutorial:static/wiki.css')}"/>
+</head>
+<body>
+<div id="main">
+    <h1>
+        <a href="${request.route_url('wiki_view')}">
+            <img src="${request.static_url('tutorial:static/logo.png')}"
+                 alt="Logo"/></a>
+        ${title}</h1>
+
+    <div metal:define-slot="content">
+    </div>
+</div>
+</body>
+</html>

getting_started/09-forms/tutorial/templates/wiki_view.pt

@@ -0,0 +1,13 @@
+<div metal:use-macro="view.layout">
+    <div metal:fill-slot="content">
+        <a href="${request.route_url('wikipage_add')}">Add
+            WikiPage</a>
+        <ul>
+            <li tal:repeat="page pages">
+                <a href="${request.route_url('wikipage_view', uid=page.uid)}">
+                    ${page.title}
+                </a>
+            </li>
+        </ul>
+    </div>
+</div>

getting_started/09-forms/tutorial/templates/wikipage_addedit.pt

@@ -0,0 +1,18 @@
+<div metal:use-macro="view.layout">
+    <more tal:omit-tag="" metal:fill-slot="head-more">
+        <tal:block repeat="reqt view.reqts['css']">
+            <link rel="stylesheet" type="text/css"
+                  href="${request.static_url('deform:static/' + reqt)}"/>
+        </tal:block>
+        <tal:block repeat="reqt view.reqts['js']">
+            <script src="${request.static_url('deform:static/' + reqt)}"
+                    type="text/javascript"></script>
+        </tal:block>
+    </more>
+    <div metal:fill-slot="content">
+        <p>${structure: form}</p>
+        <script type="text/javascript">
+            deform.load()
+        </script>
+    </div>
+</div>

getting_started/09-forms/tutorial/templates/wikipage_view.pt

@@ -0,0 +1,12 @@
+<div metal:use-macro="view.layout">
+    <div metal:fill-slot="content">
+        <a href="${request.route_url('wikipage_edit', uid=uid)}">
+            Edit
+        </a> |
+        <a href="${request.route_url('wikipage_delete', uid=uid)}">
+            Delete
+        </a>
+
+        <p>${structure: page.body}</p>
+    </div>
+</div>

getting_started/09-forms/tutorial/tests.py

@@ -0,0 +1,42 @@
+import unittest
+
+from pyramid import testing
+
+
+class WikiViewTests(unittest.TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test_wiki_view(self):
+        from tutorial.views import WikiViews
+
+        request = testing.DummyRequest()
+        inst = WikiViews(request)
+        response = inst.wiki_view()
+        self.assertEqual(response['title'], 'Welcome to the Wiki')
+
+
+class WikiFunctionalTests(unittest.TestCase):
+    def setUp(self):
+        from tutorial import main
+
+        settings = {}
+        app = main(settings)
+        from webtest import TestApp
+
+        self.testapp = TestApp(app)
+
+    def test_it(self):
+        res = self.testapp.get('/', status=200)
+        self.assertIn(b'Welcome', res.body)
+        res = self.testapp.get('/add', status=200)
+        self.assertIn(b'Add Wiki Page', res.body)
+        res = self.testapp.get('/100', status=200)
+        self.assertIn(b'100', res.body)
+        res = self.testapp.get('/100/edit', status=200)
+        self.assertIn(b'Edit', res.body)
+        res = self.testapp.get('/100/delete', status=302)
+        self.assertIn(b'Found', res.body)

getting_started/08-forms/tutorial/views.py → getting_started/09-forms/tutorial/views.py

@@ -46,7 +46,7 @@ def wikipage_add(self):
         if 'submit' in self.request.params:
             controls = self.request.POST.items()
             try:
-                appstruct = wiki_form.validate(controls)
+                appstruct = self.wiki_form.validate(controls)
             except deform.ValidationFailure as e:
                 # Form is NOT valid
                 return dict(title='Add Wiki Page', form=e.render())
@@ -106,4 +106,4 @@ def wikipage_delete(self):
         del pages[uid]
 
         url = self.request.route_url('wiki_view')
-        return HTTPFound(url)
+        return HTTPFound(url)

getting_started/10-security/development.ini

@@ -0,0 +1,30 @@
+[app:main]
+use = egg:tutorial
+pyramid.reload_templates = true
+
+[server:main]
+use = egg:pyramid#wsgiref
+host = 0.0.0.0
+port = 6547
+
+[loggers]
+keys = root
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = INFO
+handlers = console
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s