- generated random key for secure cookies

- all answers saved in the database - sqlalchemy no longer uses scoped_session. it could cause problems mixing threading and asyncronous calls.

- generated random key for secure cookies
- all answers saved in the database - sqlalchemy no longer uses scoped_session. it could cause problems mixing threading and asyncronous calls.
Miguel Barão
1 parent 7731e737
Showing 4 changed files with 186 additions and 168 deletions Show diff stats
BUGS.md
app.py
questions.py
serve.py
@@ -2,19 +2,18 @@ BUGS:
 - questions hardcoded in LearnApp.
 - database hardcoded in LearnApp.
-- como gerar key para secure cookie.
 - implementar xsrf. Ver [http://www.tornadoweb.org/en/stable/guide/security.html#cross-site-request-forgery-protection]()
-- verificar se ha questoes
 TODO:
-- gravar answers -> db
 - como gerar uma sequencia de perguntas?
 - generators not working: bcrypt (ver blog)
 - implementar navegacao radio/checkbox. cursor cima/baixo, espaco selecciona, enter submete.
 SOLVED:
+- gravar answers -> db
+- como gerar key para secure cookie.
 - https. certificados selfsigned, no-ip nao suporta certificados
 - reset ao servidor mantem cookie no broser e rebenta. necessario fazer logout.
 - models.py tabela de testes não faz sentido.
 import random
 from contextlib import contextmanager  # `with` statement in db sessions
+from  datetime import datetime
 # libs
 import bcrypt
 from sqlalchemy import create_engine
-from sqlalchemy.orm import sessionmaker, scoped_session
+from sqlalchemy.orm import sessionmaker  #, scoped_session
 # this project
 import questions
-from models import Student
-
+from models import Student, Answer
 # ============================================================================
 # LearnApp - application logic
@@ -22,11 +22,13 @@ class LearnApp(object):
         self.online = {}
         # connect to database and check registered students
-        engine = create_engine('sqlite:///{}'.format('students.db'), echo=False)
-        self.Session = scoped_session(sessionmaker(bind=engine))
+        db = 'students.db'  # FIXME
+        engine = create_engine(f'sqlite:///{db}', echo=False)
+        # self.Session = scoped_session(sessionmaker(bind=engine))
+        self.Session = sessionmaker(bind=engine)
         try:
             with self.db_session() as s:
-                n = s.query(Student).filter(Student.id != '0').count()
+                n = s.query(Student).count() # filter(Student.id != '0').
         except Exception as e:
             print('Database not usable.')
             raise e
@@ -34,32 +36,25 @@ class LearnApp(object):
             print('Database has {} students registered.'.format(n))
     # ------------------------------------------------------------------------
-    def login_ok(self, uid, try_pw):
-        print('LearnApp.login')
-
+    def login(self, uid, try_pw):
         with self.db_session() as s:
             student =  s.query(Student).filter(Student.id == uid).one_or_none()
-        if student is None or student in self.online:
-            # student does not exist
-            return False
-
-        # hashedtry = yield executor.submit(bcrypt.hashpw,
-            # try_pw.encode('utf-8'), student.password)
-        hashedtry = bcrypt.hashpw(try_pw.encode('utf-8'), student.password)
+            if student is None or student in self.online:  # FIXME
+                return False    # student does not exist or already loggeg in
-        if hashedtry != student.password:
-            # wrong password
-            return False
+            hashedtry = bcrypt.hashpw(try_pw.encode('utf-8'), student.password)
+            if hashedtry != student.password:
+                return False    # wrong password
-        # success
-        self.online[uid] = {
-            'name': student.name,
-            'number': student.id,
-            'current': None,
-        }
-        print(self.online)
-        return True
+            # success
+            self.online[uid] = {
+                'name': student.name,
+                'number': student.id,
+                'current': None,
+            }
+            print(self.online)
+            return True
     # ------------------------------------------------------------------------
     # logout
@@ -67,14 +62,6 @@ class LearnApp(object):
         del self.online[uid]  # FIXME save current question?
     # ------------------------------------------------------------------------
-    # given the currect state, generates a new question for the student
-    def new_question_for(self, uid):
-        questions = list(self.factory)
-        nextquestion = self.factory.generate(random.choice(questions))
-        self.online[uid]['current'] = nextquestion
-        return nextquestion
-
-    # ------------------------------------------------------------------------
     def get_current_question(self, uid):
         return self.online[uid].get('current', None)
@@ -83,32 +70,61 @@ class LearnApp(object):
         return self.online[uid].get('name', '')
     # ------------------------------------------------------------------------
+    # given the currect state, generates a new question for the student
+    def new_question_for(self, uid):
+        # FIXME
+        questions = list(self.factory)
+        nextquestion = self.factory.generate(random.choice(questions))
+        print(nextquestion)
+        self.online[uid]['current'] = nextquestion
+        return nextquestion
+
+    # ------------------------------------------------------------------------
     # check answer and if correct returns new question, otherise returns None
     def check_answer(self, uid, answer):
         question = self.get_current_question(uid)
-        print('------------------------------')
         print(question)
         print(answer)
         if question is not None:
+            question['finish_time'] = datetime.now()
             grade = question.correct(answer)       # correct answer
-            correct = grade > 0.99999
-            if correct:
-                print('CORRECT')
-                return self.new_question_for(uid)
-            else:
-                print('WRONG')
-                return None
+
+            with self.db_session() as s:
+                s.add(Answer(
+                    ref=question['ref'],
+                    grade=question['grade'],
+                    starttime=str(question['start_time']),
+                    finishtime=str(question['finish_time']),
+                    student_id=uid))
+                s.commit()
+
+                correct = grade > 0.99999
+                if correct:
+                    print('CORRECT')
+                    question = self.new_question_for(uid)
+                    question['start_time'] = datetime.now()
+                    return question
+                else:
+                    print('WRONG')
+                    return None
         else:
             print('FIRST QUESTION')
-            return self.new_question_for(uid)
+            question = self.new_question_for(uid)
+            question['start_time'] = datetime.now()
+            return question
     # ------------------------------------------------------------------------
     # helper to manage db sessions using the `with` statement, for example
     #   with self.db_session() as s:  s.query(...)
     @contextmanager
     def db_session(self):
+        session = self.Session()
         try:
-            yield self.Session()
+            yield session
+            session.commit()
+        except:
+            session.rollback()
+            raise
         finally:
-            self.Session.remove()
+            session.close()
@@ -38,131 +38,17 @@ logger = logging.getLogger(__name__)
 try:
     import yaml
-    # import markdown
 except ImportError:
     logger.critical('Python package missing. See README.md for instructions.')
     sys.exit(1)
 else:
-    # all regular expressions in yaml files, for example
+    # allow regular expressions in yaml files, for example
     #       correct: !regex '[aA]zul'
     yaml.add_constructor('!regex', lambda l, n: re.compile(l.construct_scalar(n)))
-from tools import load_yaml, run_script #, md_to_html
+from tools import load_yaml, run_script
-# ===========================================================================
-# This class contains a pool of questions generators from which particular
-# Question() instances are generated using QuestionsFactory.generate(ref).
-# ===========================================================================
-class QuestionFactory(dict):
-    # -----------------------------------------------------------------------
-    def __init__(self):
-        super().__init__()
-
-    # -----------------------------------------------------------------------
-    # Add single question provided in a dictionary.
-    # After this, each question will have at least 'ref' and 'type' keys.
-    # -----------------------------------------------------------------------
-    def add(self, question):
-        # if ref missing try ref='/path/file.yaml:3'
-        try:
-            question.setdefault('ref', question['filename'] + ':' + str(question['index']))
-        except KeyError:
-            logger.error('Missing "ref". Cannot add question to the pool.')
-            return
-
-        # check duplicate references
-        if question['ref'] in self:
-            logger.error('Duplicate reference "{0}". Replacing the original one!'.format(question['ref']))
-
-        question.setdefault('type', 'information')
-
-        self[question['ref']] = question
-        logger.debug('Added question "{0}" to the pool.'.format(question['ref']))
-
-    # -----------------------------------------------------------------------
-    # load single YAML questions file
-    # -----------------------------------------------------------------------
-    def load_file(self, filename, questions_dir=''):
-        f = path.normpath(path.join(questions_dir, filename))
-        questions = load_yaml(f, default=[])
-
-        n = 0
-        for i, q in enumerate(questions):
-            if isinstance(q, dict):
-                q.update({
-                    'filename': filename,
-                    'path': questions_dir,
-                    'index': i                # position in the file, 0 based
-                    })
-                self.add(q)                   # add question
-                n += 1                        # counter
-            else:
-                logger.error('Question index {0} from file {1} is not a dictionary. Skipped!'.format(i, filename))
-
-        logger.info('Loaded {0} questions from "{1}".'.format(n, filename))
-
-    # -----------------------------------------------------------------------
-    # load multiple YAML question files
-    # -----------------------------------------------------------------------
-    def load_files(self, files, questions_dir=''):
-        for filename in files:
-            self.load_file(filename, questions_dir)
-
-    # -----------------------------------------------------------------------
-    # Given a ref returns an instance of a descendent of Question(),
-    # i.e. a question object (radio, checkbox, ...).
-    # -----------------------------------------------------------------------
-    def generate(self, ref):
-
-        # Depending on the type of question, a different question class will be
-        # instantiated. All these classes derive from the base class `Question`.
-        types = {
-            'radio'     : QuestionRadio,
-            'checkbox'  : QuestionCheckbox,
-            'text'      : QuestionText,
-            'text_regex': QuestionTextRegex,
-            'text_numeric': QuestionTextNumeric,
-            'textarea'  : QuestionTextArea,
-            # informative panels
-            'information': QuestionInformation,
-            'warning'   : QuestionInformation,
-            'alert'     : QuestionInformation,
-        }
-
-        # Shallow copy so that script generated questions will not replace
-        # the original generators
-        q = self[ref].copy()
-
-        # If question is of generator type, an external program will be run
-        # which will print a valid question in yaml format to stdout. This
-        # output is then converted to a dictionary and `q` becomes that dict.
-        if q['type'] == 'generator':
-            logger.debug('Running script to generate question "{0}".'.format(q['ref']))
-            q.setdefault('arg', '') # optional arguments will be sent to stdin
-            script = path.normpath(path.join(q['path'], q['script']))
-            out = run_script(script=script, stdin=q['arg'])
-            try:
-                q.update(out)
-            except:
-                q.update({
-                    'type': 'alert',
-                    'title': 'Erro interno',
-                    'text': 'Ocorreu um erro a gerar esta pergunta.'
-                    })
-        # The generator was replaced by a question but not yet instantiated
-
-        # Finally we create an instance of Question()
-        try:
-            qinstance = types[q['type']](q)   # instance with correct class
-        except KeyError as e:
-            logger.error('Unknown question type "{0}" in "{1}:{2}".'.format(q['type'], q['filename'], q['ref']))
-            raise e
-        except:
-            logger.error('Failed to create question "{0}" from file "{1}".'.format(q['ref'], q['filename']))
-        else:
-            logger.debug('Generated question "{}".'.format(ref))
-            return qinstance
 # ===========================================================================
@@ -492,3 +378,120 @@ class QuestionInformation(Question):
         super().correct(answer)
         self['grade'] = 1.0  # always "correct" but points should be zero!
         return self['grade']
+
+
+
+# ===========================================================================
+# This class contains a pool of questions generators from which particular
+# Question() instances are generated using QuestionsFactory.generate(ref).
+# ===========================================================================
+class QuestionFactory(dict):
+    # Depending on the type of question, a different question class will be
+    # instantiated. All these classes derive from the base class `Question`.
+    types = {
+        'radio'     : QuestionRadio,
+        'checkbox'  : QuestionCheckbox,
+        'text'      : QuestionText,
+        'text_regex': QuestionTextRegex,
+        'text_numeric': QuestionTextNumeric,
+        'textarea'  : QuestionTextArea,
+        # informative panels
+        'information': QuestionInformation,
+        'warning'   : QuestionInformation,
+        'alert'     : QuestionInformation,
+    }
+
+    # -----------------------------------------------------------------------
+    def __init__(self):
+        super().__init__()
+
+    # -----------------------------------------------------------------------
+    # Add single question provided in a dictionary.
+    # After this, each question will have at least 'ref' and 'type' keys.
+    # -----------------------------------------------------------------------
+    def add(self, question):
+        # if ref missing try ref='/path/file.yaml:3'
+        try:
+            question.setdefault('ref', question['filename'] + ':' + str(question['index']))
+        except KeyError:
+            logger.error('Missing "ref". Cannot add question to the pool.')
+            return
+
+        # check duplicate references
+        if question['ref'] in self:
+            logger.error('Duplicate reference "{0}". Replacing the original one!'.format(question['ref']))
+
+        question.setdefault('type', 'information')
+
+        self[question['ref']] = question
+        logger.debug('Added question "{0}" to the pool.'.format(question['ref']))
+
+    # -----------------------------------------------------------------------
+    # load single YAML questions file
+    # -----------------------------------------------------------------------
+    def load_file(self, filename, questions_dir=''):
+        f = path.normpath(path.join(questions_dir, filename))
+        questions = load_yaml(f, default=[])
+
+        n = 0
+        for i, q in enumerate(questions):
+            if isinstance(q, dict):
+                q.update({
+                    'filename': filename,
+                    'path': questions_dir,
+                    'index': i                # position in the file, 0 based
+                    })
+                self.add(q)                   # add question
+                n += 1                        # counter
+            else:
+                logger.error('Question index {0} from file {1} is not a dictionary. Skipped!'.format(i, filename))
+
+        logger.info('Loaded {0} questions from "{1}".'.format(n, filename))
+
+    # -----------------------------------------------------------------------
+    # load multiple YAML question files
+    # -----------------------------------------------------------------------
+    def load_files(self, files, questions_dir=''):
+        for filename in files:
+            self.load_file(filename, questions_dir)
+
+    # -----------------------------------------------------------------------
+    # Given a ref returns an instance of a descendent of Question(),
+    # i.e. a question object (radio, checkbox, ...).
+    # -----------------------------------------------------------------------
+    def generate(self, ref):
+
+        # Shallow copy so that script generated questions will not replace
+        # the original generators
+        q = self[ref].copy()
+
+        # If question is of generator type, an external program will be run
+        # which will print a valid question in yaml format to stdout. This
+        # output is then converted to a dictionary and `q` becomes that dict.
+        if q['type'] == 'generator':
+            logger.debug('Running script to generate question "{0}".'.format(q['ref']))
+            q.setdefault('arg', '') # optional arguments will be sent to stdin
+            script = path.normpath(path.join(q['path'], q['script']))
+            out = run_script(script=script, stdin=q['arg'])
+            try:
+                q.update(out)
+            except:
+                q.update({
+                    'type': 'alert',
+                    'title': 'Erro interno',
+                    'text': 'Ocorreu um erro a gerar esta pergunta.'
+                    })
+        # The generator was replaced by a question but not yet instantiated
+
+        # Finally we create an instance of Question()
+        try:
+            qinstance = self.types[q['type']](q)   # instance with correct class
+        except KeyError as e:
+            logger.error('Unknown question type "{0}" in "{1}:{2}".'.format(q['type'], q['filename'], q['ref']))
+            raise e
+        except:
+            logger.error('Failed to create question "{0}" from file "{1}".'.format(q['ref'], q['filename']))
+        else:
+            logger.debug('Generated question "{}".'.format(ref))
+            return qinstance
+
@@ -48,7 +48,7 @@ class WebApplication(tornado.web.Application):
             'static_path':   os.path.join(os.path.dirname(__file__), 'static'),
             'static_url_prefix': '/static/',  # this is the default
             'xsrf_cookies': False, # FIXME see how to do it...
-            'cookie_secret': base64.b64encode(uuid.uuid4().bytes),  # FIXME improve!
+            'cookie_secret': base64.b64encode(uuid.uuid4().bytes),
             'login_url': '/login',
             'debug': True,
         }
@@ -88,7 +88,7 @@ class LoginHandler(BaseHandler):
         pw = self.get_body_argument('pw')
         # print(f'login.post:  user={uid},  pw={pw}')
-        if self.learn.login_ok(uid, pw):
+        if self.learn.login(uid, pw):
             print('login ok')
             self.set_secure_cookie("user", str(uid), expires_days=30)
             self.redirect(self.get_argument("next", "/"))
@@ -175,4 +175,4 @@ def main():
 # ----------------------------------------------------------------------------
 if __name__ == "__main__":
-    main()
 \ No newline at end of file
+    main()
	@@ -2,19 +2,18 @@ BUGS:		@@ -2,19 +2,18 @@ BUGS:
2		2
3	- questions hardcoded in LearnApp.	3	- questions hardcoded in LearnApp.
4	- database hardcoded in LearnApp.	4	- database hardcoded in LearnApp.
5	-- como gerar key para secure cookie.
6	- implementar xsrf. Ver [http://www.tornadoweb.org/en/stable/guide/security.html#cross-site-request-forgery-protection]()	5	- implementar xsrf. Ver [http://www.tornadoweb.org/en/stable/guide/security.html#cross-site-request-forgery-protection]()
7	-- verificar se ha questoes
8		6
9	TODO:	7	TODO:
10		8
11	-- gravar answers -> db
12	- como gerar uma sequencia de perguntas?	9	- como gerar uma sequencia de perguntas?
13	- generators not working: bcrypt (ver blog)	10	- generators not working: bcrypt (ver blog)
14	- implementar navegacao radio/checkbox. cursor cima/baixo, espaco selecciona, enter submete.	11	- implementar navegacao radio/checkbox. cursor cima/baixo, espaco selecciona, enter submete.
15		12
16	SOLVED:	13	SOLVED:
17		14
		15	+- gravar answers -> db
		16	+- como gerar key para secure cookie.
18	- https. certificados selfsigned, no-ip nao suporta certificados	17	- https. certificados selfsigned, no-ip nao suporta certificados
19	- reset ao servidor mantem cookie no broser e rebenta. necessario fazer logout.	18	- reset ao servidor mantem cookie no broser e rebenta. necessario fazer logout.
20	- models.py tabela de testes não faz sentido.	19	- models.py tabela de testes não faz sentido.