Source code for invenio_accounts.views.settings
# -*- coding: utf-8 -*-
#
# This file is part of Invenio.
# Copyright (C) 2015-2018 CERN.
#
# Invenio is free software; you can redistribute it and/or modify it
# under the terms of the MIT License; see LICENSE file for more details.
"""Invenio user management and authentication."""
from flask import Blueprint, current_app
from flask_breadcrumbs import register_breadcrumb
from flask_menu import current_menu
from invenio_i18n import lazy_gettext as _
from invenio_theme.proxies import current_theme_icons
blueprint = Blueprint(
"invenio_accounts",
__name__,
url_prefix="/account/settings",
template_folder="../templates",
static_folder="static",
)
@blueprint.record_once
def post_ext_init(state):
"""."""
app = state.app
app.config.setdefault(
"ACCOUNTS_SITENAME", app.config.get("THEME_SITENAME", "Invenio")
)
app.config.setdefault(
"ACCOUNTS_BASE_TEMPLATE",
app.config.get("BASE_TEMPLATE", "invenio_accounts/base.html"),
)
app.config.setdefault(
"ACCOUNTS_COVER_TEMPLATE",
app.config.get("COVER_TEMPLATE", "invenio_accounts/base_cover.html"),
)
app.config.setdefault(
"ACCOUNTS_SETTINGS_TEMPLATE",
app.config.get("SETTINGS_TEMPLATE", "invenio_accounts/settings/base.html"),
)
[docs]@blueprint.before_app_first_request
def check_security_settings():
"""Warn if session cookie is not secure in production."""
in_production = not (current_app.debug or current_app.testing)
secure = current_app.config.get("SESSION_COOKIE_SECURE")
if in_production and not secure:
current_app.logger.warning(
"SESSION_COOKIE_SECURE setting must be set to True to prevent the "
"session cookie from being leaked over an insecure channel."
)