From bc60a105f7fc01adb37f158f89776817be836f32 Mon Sep 17 00:00:00 2001
From: redshiftzero
Date: Wed, 11 May 2016 08:13:50 -0500
Subject: [PATCH 01/98] Update READMEs
---
 DEPLOY.md | 12 ++++++++++++
 README.md | 2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 DEPLOY.md
diff --git a/DEPLOY.md b/DEPLOY.md
new file mode 100644
index 000000000..0807a433a
--- /dev/null
+++ b/DEPLOY.md
@@ -0,0 +1,12 @@
+# Deployment
+
+When this application is deployed you should do some extra things.
+
+## CSRF attacks
+
+Change the secret key used for generating tokens to prevent cross-site request forgery (CSRF) attacks in `config.py`:
+
+```
+WTF_CSRF_ENABLED = True
+SECRET_KEY = 'changemeplzorelsehax'
+```
diff --git a/README.md b/README.md
index 0127c674e..72d95f351 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ As a proof of concept, OpenOversight currently uses the Chicago Police Departmen
 Our technology stack:
 * We use Python 2.7 as we have deps not yet Python 3 compatible
 * Machine learning and facial recognition: openface, opencv
- * Web frontend: Flask
+ * Web frontend: Flask, WTForms for input validation
 * Database backend: psycopg2, PostgreSQL
 * ETL toolchain: pandas, sqlalchemy
From 768d48cce0825dee12e57e2e6ff9281cbe13d137 Mon Sep 17 00:00:00 2001
From: redshiftzero
Date: Wed, 11 May 2016 08:13:56 -0500
Subject: [PATCH 02/98] Add setup.py
---
 setup.py | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 setup.py
diff --git a/setup.py b/setup.py
new file mode 100644
index 000000000..704c5b5a4
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,7 @@
+from setuptools import setup
+
+setup(name="OpenOversight", version="1.0",
+ description="Oversight of Police Departments",
+ author="redshiftzero", author_email="jen@redshiftzero.com",
+ install_requires=['flask', 'werkzeug', 'Flask-WTF']
+ )
From fbefa7c36befa9ff16305dd4193cf525e85059e6 Mon Sep 17 00:00:00 2001
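Review bot: The `install_requires=['flask', 'werkzeug', 'Flask-WTF']` line in the new setup.py carries no version bounds, so each install resolves whatever releases are newest at that moment. Flask-WTF provides the CSRF protection that DEPLOY.md relies on, so a change in the resolved version can alter security behaviour without any change in this repository. I would add lower bounds for the releases the app was tested with, e.g. `install_requires=['flask>=X.Y', 'werkzeug>=X.Y', 'Flask-WTF>=X.Y']` (X.Y are placeholders), and keep exact pins in a requirements file used for deployments. The call also passes no `packages=` argument, so with the setuptools of this era it may install dependencies and metadata but none of the application code; worth confirming that is intended at this point in the series.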
From: redshiftzero
Date: Wed, 11 May 2016 08:14:13 -0500
Subject: [PATCH 03/98] Add example config
---
 OpenOversight/config.py | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 OpenOversight/config.py
diff --git a/OpenOversight/config.py b/OpenOversight/config.py
new file mode 100644
index 000000000..7bff960bf
--- /dev/null
+++ b/OpenOversight/config.py
@@ -0,0 +1,7 @@
+# File Upload Settings
+UNLABELLED_UPLOADS = 'uploads/'
+ALLOWED_EXTENSIONS = set(['png', 'jpg', 'jpeg', 'mpeg', 'mp4'])
+
+# Form Settings
+WTF_CSRF_ENABLED = True
+SECRET_KEY = 'changemeplzorelsehax'
From 42ae1fa4f2f51ba1a55b60d3a99b693c8105bd50 Mon Sep 17 00:00:00 2001
From: redshiftzero
Date: Wed, 11 May 2016 09:59:56 -0500
Subject: [PATCH 04/98] Add flash() messaging to base template
---
 OpenOversight/app/templates/base.html | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/OpenOversight/app/templates/base.html b/OpenOversight/app/templates/base.html
index bf3ff7b7c..26a2fef3a 100644
--- a/OpenOversight/app/templates/base.html
+++ b/OpenOversight/app/templates/base.html
@@ -56,6 +56,14 @@
+ {% with messages = get_flashed_messages() %}
+ {% if messages %}
+
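Review bot: `SECRET_KEY = 'changemeplzorelsehax'` in the new OpenOversight/config.py commits a key value to the repository, and nothing in this file stops the application from starting with it. Flask signs session cookies with SECRET_KEY and Flask-WTF derives its CSRF tokens from it by default, so a deployment that skips the manual step described in DEPLOY.md runs with a publicly known signing key. I would read the key from the environment so that startup fails when it is missing: `import os` at the top of the file and `SECRET_KEY = os.environ['SECRET_KEY']`. A comment above it such as `# Must be a long random value unique to each deployment; never commit the real key.` would document the requirement where it is enforced.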
    + {% for message in messages %} +
  • {{ message }}
  • + {% endfor %} + {% endif %} + {% endwith %} {% block content %}{% endblock %}
    From 71166ecfc70e3f63a68a4c485ab389b172a73dae Mon Sep 17 00:00:00 2001 From: redshiftzero Date: Wed, 11 May 2016 10:00:21 -0500 Subject: [PATCH 05/98] Show user errors if form input not validated --- .../app/templates/input_find_officer.html | 27 +++++++++++++++++++ OpenOversight/app/views.py | 1 + 2 files changed, 28 insertions(+) diff --git a/OpenOversight/app/templates/input_find_officer.html b/OpenOversight/app/templates/input_find_officer.html index f4c5f073f..0350d4e02 100644 --- a/OpenOversight/app/templates/input_find_officer.html +++ b/OpenOversight/app/templates/input_find_officer.html @@ -14,25 +14,49 @@

    Find an Officer

    Agency Information

    Department: {{ form.dept }}

    + {% for error in form.dept.errors %} +

    [{{ error }}]

    + {% endfor %}

    Don't see your department? Want to bring OpenOversight to your city? Email us at OpenOversight.

    Rank: {{ form.rank }}

    + {% for error in form.rank.errors %} +

    [{{ error }}]

    + {% endfor %}

    Race: {{ form.race }}

    + {% for error in form.race.errors %} +

    [{{ error }}]

    + {% endfor %}

    Gender: {{ form.gender }}

    + {% for error in form.gender.errors %} +

    [{{ error }}]

    + {% endfor %}

    Age: {{ form.min_age(size=4) }} to {{ form.max_age(size=4) }}

    + {% for error in form.min_age.errors %} +

    [{{ error }}]

    + {% endfor %} + {% for error in form.max_age.errors %} +

    [{{ error }}]

    + {% endfor %}

    Latitude: {{ form.latitude(size=10) }}

    + {% for error in form.latitude.errors %} +

    [{{ error }}]

    + {% endfor %}

    Longitude: {{ form.longitude(size=10) }}

    + {% for error in form.longitude.errors %} +

    [{{ error }}]

    + {% endfor %}

    The location of where the event occured can help us identify an officer.