Security updates and migration code for 0.6 #66
Merged
Security patches
Postgres error fix
App config
- added env variable MIN_PASSCODE_LENGTH in .env.example (to be set by admin in .env)
- added config variable for MIN_PASSCODE_LENGTH (default value = 6)
- added decorator for performing passcode length check
- decorated elections_voting_page()
Modified min passcode length to admin configurable value
- added text for min passcode length in vote.html
- moved MIN_PASSCODE_LENGTH env variable with the topmost group
- added elections_view to handle ballot recovery
- added ballots.html webpage to display in UI
- updated Revoke Ballot button to View Ballot in single.html webpage
Updated UI for min passcode length
Added feature to view the ballot before revoke
Fixed CSS in View Ballot template
in the SQL models. Signed-off-by: Josh Berkus <[email protected]>
Signed-off-by: Josh Berkus <[email protected]>
Signed-off-by: Josh Berkus <[email protected]>
Signed-off-by: Josh Berkus <[email protected]>
kalkayan
approved these changes
Jun 28, 2022
Looks good to me, also kudos for the database migrations 🥳
@kalkayan honestly, I feel kind of dirty for writing an ad-hoc database migrator. But all the other options involved installing massive numbers of dependencies.
This merge incorporates all of @007vedant's security updates for his internship, including:
For more information on the above, see Vedant's many commits in the NewBallot branch.
It also incorporates an upgrade-in-place code snippet for migrating from 0.5 to 0.6. This is inserted through a fairly ad-hoc mechanism, because SQLAlchemy migrations was not able to perform the required migration steps without loss of data for production instances. Unfortunately, this also means that currently the migration code only works for PostgreSQL backends. Additional code for MySQL and SQLite would be very much desired, but more difficult because of the lack of transactional DDL and ALTER-time data transformations in those systems.
It also introduces schema version numbers. 0.5 is schema version 1, and 0.6 is version 2. Future changes to the schema should be represented by incrementing the version number and writing additional migration code.
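The passcode-length check named in the commit notes above (an admin-set `MIN_PASSCODE_LENGTH`, default 6, enforced by a decorator on `elections_voting_page()`) could look like the following; this is an added example, not the project's own code. The helper names, the `passcode` form field, the dict standing in for the request form, and the rule that a missing passcode is rejected are all assumptions.

```python
import functools
import os

DEFAULT_MIN_PASSCODE_LENGTH = 6  # default value stated in the commit notes


def load_min_passcode_length(environ=os.environ):
    """Hypothetical config loader: read MIN_PASSCODE_LENGTH, fail closed on junk."""
    raw = environ.get("MIN_PASSCODE_LENGTH")
    if raw is None or raw.strip() == "":
        return DEFAULT_MIN_PASSCODE_LENGTH
    try:
        value = int(raw)
    except ValueError:
        # A typo in .env must stop startup, not silently disable the check.
        raise ValueError(f"MIN_PASSCODE_LENGTH must be an integer, got {raw!r}")
    if value < 1:
        raise ValueError(f"MIN_PASSCODE_LENGTH must be at least 1, got {value}")
    return value


def passcode_length_required(min_length, get_passcode):
    """Hypothetical decorator: reject the request before the view body runs."""
    def decorator(view):
        @functools.wraps(view)
        def wrapper(form, *args, **kwargs):
            # Assumption: an absent passcode counts as length 0 and is rejected.
            passcode = get_passcode(form) or ""
            if len(passcode) < min_length:
                return 400, f"Passcode must be at least {min_length} characters"
            return view(form, *args, **kwargs)
        return wrapper
    return decorator


# Constructed environment with the variable unset, so the default applies.
MIN_LEN = load_min_passcode_length({})


@passcode_length_required(MIN_LEN, lambda form: form.get("passcode"))
def elections_voting_page(form):
    # Stand-in body: the real view would record the ballot here.
    return 200, "ballot recorded"
```

Enforcing the limit server-side in the decorator matters because the hint text in the voting template is only advisory to the client.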