Initial PR (complete layout tool) #14

This orphan branch marks the the clean slate for a new in-toto layout creation wizard, which will be based on UI mockups: https://github.com/in-toto/layout-web-tool/tree/editor-and-wizard-wip/mockups Isolated snippets and ideas from the pure layout editor (WIP) https://github.com/in-toto/layout-web-tool/tree/develop and the basic wizard plus editor (WIP) https://github.com/in-toto/layout-web-tool/tree/editor-and-wizard-wip might end up in this branch. If we want to have a single flask app with a wizard and a editor module, we should consider using blueprints: http://flask.pocoo.org/docs/0.12/blueprints/ This commit provides some basic Flask web scaffolding.

An option group consists of an image (e.g. a logo), a name and an input type (radio or checkbox depending on whether multiple options are possible or not). If a user picks an option a form will be opened to add additional information for that option. An option can be for example a particular version control system, or a build command. The opened form will be pre-populated with the appropriate command. The user can then customize or change the command associated with that option.

SASS (Syntactically Awesome Stylesheets)[1] is a CSS preprocessor which makes writing CSS a lot easier, especially when including frontend frameworks (e.g. Bootstrap). This commit - replaces the main .css file with an empty .scss file, which will be compiled into .css (plus source map -> your browser's developer tools will need them). - adds the python scss compiler (libsass) to requirements.txt - adds a flask middleware to wizard.py to re-compile scss on each request. Alternatively, you can run a sass watcher in the project root, which will automatically compile on change. This is very useful when mapping files in your browser's developer console -> no need to refresh: ``` gem install sass sass --watch static/scss/main.scss:static/css/main.scss.css ``` [1] http://sass-lang.com/

- Adds package.json to install Bootstrap 4 (alpha) (use `npm install`) - Adds Boostrap HTML scaffolding - Import Boostrap scss sources in main scss (we'll probably remove some of them later) - Adds JS links to CDN (tempfix -> need to find a way to import them from node_modules, e.g. using `gulp`) - Adds node_modules to .gitignore

This commit rewrites the basic option groups (c.f. 5de29f0) using bootstrap grid layout and form classes in scss. Note that bootstrap classes are not written in HTML but rather included (e.g.: @extend .row) with custom classes using scss.

- Adds dummy opt-rows to see how this will look like. - Adds style for recess effect (this is where the forms will go), effect mostly taken from boostrap 3's "well". - Updates forms to align with bootstrap 4

- Removes topmost horizontal ruler and adds margin to progress bar - Removes links inheritance block (might be re-added after UI proto- typing) - Exchanges slim jquery with regular jquery CDN link (for fadeIn)

Basic versioning page consists of a grid for predefined options (currently dummy options) with radio buttons and a form (input field) that expands below the option. Additionally, there is a button to add a custom VCS commands (currently not limited to one - this should probably be changed). Expand/collapse and show/hide is performed using custom JS. The look and feel for this page probably won't change a lot but the code structure could be more elegant, (e.g. not one .row per "row"). Also I went back to style using bootstrap classes in the HTML instead of extending custom classes in SCSS - while this makes the HTML more convoluted, it is easier for me during prototyping (trying out bootstrap classes).

Adds a modal (overlay) that appears when clicking next on the versioning page and asks for a consent to clone the repo.

Creates new partials directory for templates that will be used repeatedly and adds partial with dummy versioning code.

@pooledge

As announced in 433f469 this commit cleans up the code structure of the options grid. There are no visible changes in the UI but the HTML and CSS looks like it should now. Changes: All cells are in a single `.row` div and the amount of cells actually visible on a single row depends on an SCSS constant (one per screen width breakpoint). Furthermore, each form is a direct child of an option cell and the effect of showing it in the subsequent is controlled using SCSS (above all media queries). Kudos to mix(in)-master-@pooledge and his awesome styling skills.

Macros are more flexible than included templates in terms of passing variables and nesting. This commit adds two macros one for the option grid and one for the custom options, both used in several pages of the wizard. Small variations between macro calling templates are handled using keyword arguments, whereas bigger variations (e.g. the expanded form contents) are handled using the macro call syntax [1]. Note: the call blocks themselves could be DRYed using markups. [1] http://jinja.pocoo.org/docs/2.9/templates/#call

- fixes indentation - removes comment - adds empty footer div, for now just for the margin, later add content

Boostrap's `collapse` shows error messages in the console, now uses tailor-made Jquery `slideUp`, `slideDown`, `slideToggle` instead. Also, replaces-id based targeting with relation-based, i.e. Click on `.opt-content` opens `.opt-form-cont` that has the same parent `.opt-cell`, which is more flexible.

The building page uses `option_grid` and `option_custom` macros with form call blocks, slighly different from versioning page.

`libsass` was used to compile *.scss to *.css on each request. Using the ruby `sass` cli tool with the `--watch` option instead to auto compile css on file change makes `libsass` obsolete. sass watch command, run in project root ``` sass --watch static/scss/main.scss:static/css/main.scss.css ```

All required vendor js files are installed to a local node_modules dir when running `npm install` in the root of the project. Instead of serving those assets directly from node_modules (or from a CDN as we used to), we use gulp.js[1] to copy them to a place where flask expects, i.e. the ./static/ dir. Note: Later we could add `gulp` tasks to concatenate and/or minify or uglify the assets on copy. Furthermore, this commit - adds installation instructions and development tips to README.md - and adds a html5 drag and drop sorting JS library to package.json [1] http://gulpjs.com/

Since there will be multiple building steps, the selected options should be sortable here. Todo: - Hook the sort container up with the options below, i.e. add/ remove on select/deselect - Think about position of the sorting container

Jinja has a handy lispum function http://jinja.pocoo.org/docs/2.9/templates/#lipsum

The QA page is similarly structured like VCS and building (without a sorting section), with a grid of predefined QA options with expandable forms and a section to add custom commands. Since the form is more complex than in the previous pages this commit also introduces a page internal macro for the form for DRY in predefined and custom option forms.

Similar like previous pages, with an option grid and a section to add custom options.

- Adds body background - Adds container borders - Enables box shadow for form inset effect

Use gulp instead (c.f. commit message in 2043387)

Adds margin between container and header and top-border

Adds D3.js as npm dependency and updates gulpfile to copy it into vendor dir on `gulp`. D3.js will be used to render in-toto layouts as graphs, a.o. on the software supply chain page. This commit also reads a demo layout (Note: layout not checked into VCS) in the `software_supply_chain` view and passes it as json string to the template, where it's assigned to a global JS variable later used to init the D3 SVG.`

The svg element will hold the software supply chain graphs. I use a trick [1] to make the svg and it's elements responsive (scalable). - Also generalizes inset style used for various elements, e.g. form, sortable and svg container [1] http://thenewcode.com/744/Make-SVG-Responsive

- JS data transformation that turns in-toto layout into data suitable for D3 graphs (will probably move transformation to server) - A mostly copy pasted, not yet working D3 froce directed graph (will probably use a different library, e.g. dagre-d3)

dagre-d3 creates layouts for directed acyclic graphs (DAGs) and renders them using D3. Unfortunately the project is not maintained but it seems to work pretty well. dagre-d3 required a downgrade to D3 v3. An interesting maintained alternative could be http://js.cytoscape.org/ This commit also adds code (based on dagre examples) to render an in-toto supply chain.

We transform in-toto layouts into a data structure more suitable for JS graph libraries on the server side now, to be able to use in-toto convenience functions like `unpack_rule`.

in-toto steps and inspections are shown as isolated nodes (degree == 0) having each a material and a product child node, in case the node's materials or products are matched against another node's materials or products. This commit also removes the client side layout-to-graph data transformation and uses the server side transformed data instead.

This was tricky due to different coordinate systems we use, to provide scaling responsiveness, i.e. scale SVG elements preserving ration when resizing the window Here is a good blog post about svg coordinate systems https://sarasoueidan.com/blog/svg-coordinate-systems

The viewBox is now initialized to the actual width/height of its container. This makes the transformation between coordinate systems introduced in 1334ecf obsolete. As a consequence dagre-d3 intern translation (e.g. for label positioning) also work properly now. Caveat: When resize the window, the svg container does not keep the aspect ratio but the SVG does. This can lead to cropping when zooming after a window resize. This commit also introduces some basic styling - through element re-ordering, and - scss

The graph should not always be called on window load, but just on the software supply chain page. For jQuery convenience in client-side JS (inside script tags) we have to load it before the body loads. Later we could factor out this functionality into a js file that only loads on the ssc page.

Uses more generic class names and html data properties that hold template source (what to clone) and target (where to append) selectors, for adding and a selector of the container parent for removal.

We sort in two different places. On the building page (pre-sort selected build steps) and on the software supply chain page (sort all inferred steps and inspections).

The software supply chain page shows, in addition to the ssc graph, form elements to tweak names and commands of the inferred steps and inspections and to re-order them.

- Adds dependency to package.json - Adds copy node_module to gulpfile - Adds link to base.html

Currently the files are not processed in the backend

For now we point the in-toto dep to a dedicated wizard branch, that contains changes that are not yet merged into in-toto's develop branch.

- Adds basic "assign public keys to steps" section with a multiselect input field using select2 and a number input field for key thresholds - Defines a global dummy layout to be served on the ssc and authorization pages - just for frontend prototyping - Updates base.html to include select2 JS - Updates package.json with select2 as dependency - Updates gulpfile to copy select2 JS source - Updates main.scss to include select2 styles

Changes background color and border in uploaded key previews to match the default style of select2 selected keys

Copy/Pastes file upload dropzone for link upload from authorizing page. Needs to be DRYed!

Code snippets are put in a pre element, when the user clicks on the code it is turned into a textarea (with the same style as the pre element) and selected, for copy/paste convenience.

The wrap-up page shows a link (button) to download the final generated layout and command snippet to: generate a project owner key, sign the layout, carry out the steps (per functionary) - Adds readonly prop to code textarea (only meant for easy selecting) - Styles code snippet with "solarized" colors- - Adds prototyping layout to wizard (and removes debug print)

Uses svg from github's octicons as check bullet point for the guarantees list.

It's actually less code to just have the h1 tags on each child template.

The bar displays the progress of the layout creation when using the wizard.

@JustinCappos

Removes the node cluster visualization: step/inspection (parent) > material/product (child) On the software supply chain page and reverses the arrow direction. Following suggestions from @JustinCappos and @SantiagoTorres in a UI prototype walkthrough.

C.f. Bootstrap input-groups for more info http://getbootstrap.com/components/#input-groups

The form on the QA page now provides a select box to chose before or after which build step a QA step is performed. Also makes some minor style changes.

The collapsible form was covered by subsequent (invisible) option cells and therefor the input elements in the form could not gain focus. I incremented the z-index (and gave the form container a relative position!) to fix this.

'in-toto' is always lower case

@isachit

Tool collection provided by @isachit and @RohanBhirangi at isachit/in-toto-layout-json@5603b8e Data harmonized and re-formatted.

Change some logo URL's and shorten tool names for version control systems

- Adapt :after arrow adjust according to cell height - Disable option checkbox/radio (maybe we'll move it altogether)

- Replace logo urls (point to project homepages) - Update commands (make uniform, use "clone" commands) - Comment out some "less popular" (?) tools

Adds a fixed positioned message container using bootstrap alerts and a JavaScript function to display messages of various categories: alert-success, alert-info (default), alert-warning, alert-danger Adds in-html JavaScript that calls show_message onload emptying flask's flash message queue. Messages disappear after a fixed amount of time.

The checkbox/radio in option cells are removed due to some UI changes (see following commits). As a consequence we don't have to treat check/uncheck differently in the option grid form toggle click listener.

Replace kwargs with (in the macro signature defined) arguments --> for better readability Also changes argument name from `tools` to `options`, the argument represents a list of options (dicts) for a specific tool category (e.g. versioning). WIP: Templates using that macro need to be adjusted

The option_custom macro will actually contain all the form posted input elements and is now called `form_container`. The form groups rendered in the form_container are generated from the passed user_data, which is a dictionary of format {items: [<posted form data per tool>, ]} This commit also replaces kwargs with regular arguments and renames/adds a couple of arguments. A CSS id is also renamed. WIP: Templates using that macro need to be adjusted

Accepts GET and POST request. GET returns options from from tooldb and user_data if available in session. POST receives accepted form data (vcs commands and vcs comment), stores them to session, flashes a success message, and forwards to building view.

Every template that calls from container will also have a textarea section that can be used to leave a comment, e.g. if the tool does not allow the user describe his/her workflow.

- Add a versioning form macro (used in option grid and for custom commands in form container). The form can show an add (to form container) or a remove (from form container) button. Visibility is controlled with a css class. - Add some jinja comments for better readability - Add a drag handle (css) for form groups in form container

@awwad

According to a recent UI design change, only form content in the form container gets posted to the server. If a user edits provided tool defaults in the option grid, he/she must clone and add that form to the form container below in order to send the data to the server. That reasoning is that like this it is more transparent which "steps" a user actually sends to the server, especially if it is a mix of provided default commands and custom commands. Also sorting should be easier like this. This commit adds the necessary JS to copy the forms. Thanks to @awwad for his usability input

Building view accepts GET and POST requests On POST stores building commands and comment to session, flashes success message and redirects to qa view. On GET serves building options from tooldb and (if available) stored user data from session.

Removes building steps sort container. In new UI steps of one category can be sorted in the postable form container.

The `quality` view works similar to versioning and building views. Since the quality assurance form is more complex, posted form data has to be aggregated, in order to generate a single qa step. Each input element of a certain type is posted with the same name e.g. `cmd[]`, `build_step[]`, .. (note the square bracket convention), which the view parses as individual lists, aggregating them into qa steps by index. Additionally, the qa form uses previously form posted build steps to give the user a choice of when a certain qa step is executed in relation to a build step, i.e. before|after <build command X>.

Works exactly like versioning and building view displaying packaging specific tools as options and storing the posted form data to the "packaging" list in the user's session.

This commit comments out the ssc graph generation function based on an exiting layout and adds code to generate an ssc graph based on form posted data from previous pages. This includes slight changes in the ssc template and the graph rendering JS code.

The QA form allows to specify if a qa step is run before or after a certain build step. The added FIXME comment acknowledges that this information is not regarded as of now (i.e. no special re-sorting of qa steps happens) I wonder if we should maybe remove this feature altogether because re-ordering of steps can be done in the ssc view anyway.

Inspections are generated based on additional information added to a step created on the QA page. The respective qa step is used as source of the assessed inspections. This commit adds a input field to specify the step an inspection is based on to the ssc template.

- Indentation - Template comments - Fix missing closing div tag

The software supply chain view generates a software supply chain graph based on previously posted data (vcs, build, qa, package). Inspections are based on the information from the qa page. If the view receives a POST request it creates a new graph based on the posted form data from the ssc template, which is used subsequently. There are still a couple of issues with this view/page, which are listed in the view's docstring.

We used to add and authorize functionaries to perform steps on one page. Adding and authorizing now happens on two separate pages. This commit adds a new template that allows adding functionaries by name and then upload the according pubkey file. This commit - updates the file upload dropzone style in main.scss - adds two JS functions to add and remove functionaries - disables dropzone autodiscover in the base template - implements backend logic to add and remove functionaries and pubkeys in wizard.py - adds empty files directory used to store a.o. pubkeys

The authorizing frontend lets the user associate previously uploaded functionary pubkeys with previously defined steps.

The chaining page displays in-toto-mock snippets that show how to dry run the proposed supply chain (gathered from previously user posted data), plus a file dropzone to upload the generated (mock) link metadata files, which will be used to create the actual layout.

The wrap_up page provides - a button to download the generated layout - a snippet that shows how to generate the project owner key pair - a snippet that shows how to sign the layout - a snippet per functionary that lists the commands each functionary should use to perform the steps s/he is authorized to perform The backend just serves the previously posted data

The layout wizard will guide a project owner through running the required steps using in-toto commands. The resulting link files will be used to create an initial software supply chain layout using this script.

- Removes list comprehensions

This part in the qa step form wasn't displayed if no build steps had been posted, which lead to varying lengths in the form posted data lists, which in turn messed up the per-step-aggregation based on indices (asserts do actually reveal programming errors). Instead of actually fixing the issue this commit just removes the mentioned form field. This also reduces makes the UX slicker/easier. Also re-ordering steps can be done at the end.

We don't need the whole path (we can generate using os.join and the constant for session files) and it makes it easier to display the filename based on what is stored in the session (no need for a `basename` custom template filter).

The snippets in chaining and wrap up template used to display steps based on the data in the authorization dict, which (since it is a dict) does not preserve the order of the steps. This fixes the bug by using the steps from the "ssc" nodes list. Downside, we now have to also check if the nodes are of type "step" (and not "inspection") in the template.

The reverse layout module was cherry picked from an outdated layout wizard branch and had some deprecated in_toto link default property settings. The job is done in in_toto link's constructors in the meanwhile so we can remove the logic from reverse_layout.

We don't need that code when importing reverse_layout as module.

This commit changes `download_layout` view to dump the created layout to a file and then serve it using `send_from_directory`. Caveat: Currently each layout is dumped `root.layout` and therefor overrides a previously created layout.

This commit adds the previously uploaded public keys to the layout created in the `download_layout` view and also adds the functionary keyids to the relevant steps as previously specified by the user.

We can't serve the data in a dict if order matters. Changed to list.

We create inspections based on form posted data. The inspections have one material rule that matches * from the step's products they are based on (as per form posted data) and no product rules

Concurrent (link) file uploads that store the results (e.g. filename) to session can (currently) overwrite each other.

The tip of in-toto@layout-wizard has the new in-toto-keygen tool integrated, which we can use instead of the openssl commands to create keys.

- Changes the operator values for byproduct inspections to align with in-toto-inspection/inspect_byproducts.py - Changes `contains not` to does not contain` - Adds quotes for byproduct string comparison inspection cmd - Adds byproduct comparison operator `is empty` which is equal to `is ""`

This commit adds an extra (top) option grid, just for the custom command (Note: we could add other special option, e.g. "no command" to this option grid as well) and some changes in the scss grid making magic, i.e. it moves the option cell and option form content scss code (which uses media queries) to a scss mixin and includes that mixin using different cells per breakpoint separately for the new special option grid (currently only one cell) and for the regular option grid.

Users can specify commands and the like for tools they use inside of the option grid, but in order to send it they have to add the tool "to their workflow". This commit changes the background color of the form that actually gets posted.

So a user had to click on an option in the opt form, add it to the workflow and then click on next to post the form and get to the next page. This commit adds an additional button to each opt-form that let's the user immedeately post the form and continue on the next page.

opt-forms are always cloned from the option grid now, even empty custom forms, so we don't need to render a hidden template form that we use to add new empty forms anymore.

Only show the opt-form-container header (now called Workflow) plus a new descriptive text if there are any commands selected.

Forgot to prepend the user_files path.

We will persist user data based on a session id. This commit adds a view decorator that checks the session if it already has said id and if not one is created and stored to the session. This commit also decorates every view with the new decorator.

- Add Flask-PyMongo to requirements Seems to be better maintained than flask-mongokit or flask-mongoalchemy - Update deps in README - Init PyMongo Client in wizard

Instead of storing user data to the sessions we only keep a unique id in the session and store user data under that id to a mongodb collection ("session_collection"). Each session is represented by one document in that collection. This commit adds helper functions to: - query the entire document - individual subdocuments (which store data of one page) - insert/update subdocuments (plus a wrapper that adds a last_modified field to a given subdocument, i.e. unix timestamp)

This commit updates view functions to use mongodb persist/retrieve helper functions to store and get data. Before all data was stored to server session. Now it is persisted in a database and can be used for usage analysis.

Changes functionaries, authorizing and chaining subdocuments to not store a "last_modified" timestamp. Each of these subdocuments has dynamic keys of a certain type, i.e. functionary names (functionaries) or step names (authorizing and chaining). Adding a "last_modified" key pollutes the key namespace. For now we just remove that key because we probably don't need a timestamp in these subdocuments.

The wrapper that stores subdocuments with a timestamp accidentally added the timestamp on document level instead.

The ssc subdocument was tailored for the graph visualization JS function. This commit simplifies the data structure and the functions that generate the data structure, either from data posted in previous steps, or from data posted on the software supply chain page. The data in ssc is essential for the whole tool -- it is first generated using the data from early steps and it is used to render pages in later steps and to eventually generate a layout -- this commit requires a lot of changes all over the place. This commit also temporarily disables graph visualization.

- Add JS function to traverse DOM to generate the ssc graph from ssc form - Add listeners to update the graph when step form changes Listens for step name input blur, custom remove event and sortable update event

- Remove duplicate class - Add class for top margin do remove button (only visible on small screen)

Reporting steps, e.g. QA steps, should not have an outdegree in the ssc graph, because they don't have products. This commit adds a checkbox to the steps in the ssc form and modifies the graph generating function to ignore reporting steps in terms of edge sources. Note: Checkboxes are only posted to the server if they are checked, but we need a value per step to be able to aggregate step values by index, hence we employ a JS workaround that copies the checkbox state to a hidden input field on change.

Adds `modifies` property to ssc data generation functions, i.e. `session_to_ssc` (1) and `form_data_to_ssc` (2). (1) steps created from form posted data on QA page are modifying (2) read an additional input field (c.f. previous commit for info about checkbox workaround)

On the QA page a user can choose specify if s/he wants to create an inspection for a given QA step. According to what a user picks the layout tool constructs inspection commands using `inspect_byproducts.py` and `inspect_return_value.py` command line scripts (https://github.com/in-toto/in-toto-inspections). This commit adds checkboxes to include/omit an inspection of a given type (return value, standard output, standard error) for a given step. Per default inspections are disabled. Also: - changes `col` to `col-md` in inspection markup for better responsiveness - fixes a un-checked bug for stdout/stderr operators Note: - We apply the same post-checkbox-value-as-hidden-input workaround as in f2fe437 - Although disabling the inputs of an un-checked inspection would be nicer, for now we just hide them, because disabling exclude them from form post which again messes up the per index aggregation.

- Stores uploaded pubkeys (dict) to database (bson) instead of file. Now that we have a (mongo) DB, we don't really need to store files anymore, which will make isolation between sessions easier/ - Adapts other views and templates to pubkey changes - Enhances displaying keys in a dropzone that are already stored on the server - Cleans up dropzone JS code - Enables replacing an uploaded public key for a functionary

- Stores uploaded keys to database: We use DB to isolate sessions and hence store uploaded files (pubkeys in previous commit, links in this commit) to the DB. - Changes "chaining" data structure. Used to be <step name>: <link path>, but having user input data as dictionary keys is a problem when storing data to mongoDB, due to some restrictions. The format is now [{step_name: <step name>, file_name: <fn>, "link_str": <repr(link object)>}] We store the link as string and not as dictionary for the same reason. - Enhances displaying keys in a dropzone that are already stored on the server - Cleans up dropzone JS code - Enables removing uploaded link files

I had to do this for other functions (c.f. function hoisting) and changed it everywhere to be uniform.

MongoDB restricts dictionary keys, hence we shouldn't use user posted data as dictionary keys. This commit changes the functionary session subdocument structure from: {<func name>: {"file_name": <file_name>, "key": <pubkey dict>}, ...} to: {"items": [{"func_name: <>, "file_name": <>, "key": <>}, ...] This commit also fixes DB update/insert concurrency issues.

MongoDB restricts dictionary keys, hence we shouldn't use user posted data as dictionary keys. This commit changes the authorization session subdocument structure from: {<step name>: {"threshold": <int>, "authorized_functionaries": [<func name>, ...]}, ...} to: {"items": [ {"step_name": <>, "theshold": <>, "authorized_functionaries": []}, ...] For convenience, this commit also adds a helper function that converts the new data structure to the old one.

Changes layout download view to serve the layout from memory using StringIO instead of dumping it to a session directory. This commit also - removes the session directory option, because we no longer have to store files to disk in a session. - serves the layout with a timestamped filename - explicitly states the mimetype of the served layout

We used to include the comment section in the form container macro (currently used in vcs, building, qa and packaging pages). But we want to add comments on other pages as well.

This commit adds a comment form section to the pages for software_supply_chain, functionaries, authorizing and chaining and updates their respective views to persist a user posted comment in the respective session document.

This function was used to generated graph data from an existing layout, which we currently don't do.

Tried to call a method on a variable that did not exist in that scope.

This commit adds a tar archiving command to the snippet on the chaining page and changes the chaining view to additionally accept archives of links. The commit also updates the link upload dropzone callback, to display previews for the actually stored files, i.e.: if foo.tar contains bar.link and baz.link, the dropzone displays the latter two on successful return from the server.

The data displayed on the software supply chain page is initially based on data posted on previous pages, but can also be changed and stored to the DB. This commit changes the ssc view so that it displays a "confirm re-generate dialog" if the user has re-visited one of the previous pages and comes back to the ssc page.

Per default Flask reports to the WSGI error stream or stderr. We can configure the vhost so that the logs show up in /var/log/apache2/... Application errors get logged automatically.

This commit adds a function that intercepts ajax/json responses and injects messages from Flask's flash message module. Messages can then be displayed on client side using the newly added JS function show_messages(repsonse.messages). The commit also updates some of the messages flashed in the various views.

Uses Flask-WTF module for CSRF protection. Forms are protected by adding a hidden input field with a CSRF token and ajax requests are protected by adding the token to a header field.

This commit removes the svg based placeholder for options without logo and only displays the centered option text instead.

We don't need a files directory anymore because uploaded files (pubkeys, links) are now stored to the db and created files (layouts) are kept in memory.

With this setting the development server auto reloads when a template changes (only if debug is set to true).

The beta tag links to github's issue page. Maybe it should be indicated that this is a link?

- Remove path insertion for flask wizard app (not needed if the wsgi file is in the same directory) - Add expanduser to make absolute path from "activate_this" path (execfile seems to need an absolute path) - Add docstring

Aligns with lab guidelines for licensing now

Package.json - Mark as first major beta prerelease c.f. semantic versioning https://docs.npmjs.com/misc/semver - Add post install scripts to copy js dependencies installed to node_modules and compile scss styles - Pin currently used bootstrap version - Update author and description fields README Remove instructions to run gulp and sass npm install takes care of this now

Adds minus sign (-) to start and end of comment blocks http://jinja.pocoo.org/docs/2.9/templates/#whitespace-control

@aaaaalbert

JQuery's `clone` does not clone user selections made to `select` elements. On the quality assurance page we clone forms that with multiple select elements. This commit adds JS code to explicitly re-assign the selected values after a clone. Thanks for spotting this bug, @aaaaalbert!

Wrong use of plural

This project is not available via npm. The package.json is used for front-end dependency management only, i.e.: - Download and install front-end dependencies - Call front-end task manager `gulp` to deploy front-end dependencies - Compile and deploy styles

- Add newlines at end of file - Update project website URL in readme - Add note about `service` deprecation to readme - pin in-toto repo to commit in requirements file - git rename reverse_layout to create_layout - remove obsolete stand-alone script parts from create_layout - update create_layout header to show demo usage - update comment about message show duration in main.js - rename authorizing.html to authorizing_functionaries.html - make constant in uppercase in tooldb - Remove sample wsgi script. (The readme still has a link to a sample wsgi on the Flask website)

This is also what the extension `Flask-Session` uses for session ids.

@awwad

As pointed out by @awwad the suggested snippet did not work. This commit fixes the snippet. The command line tool's usage message will be fixed with in-toto/in-toto#118

@awwad

Thanks to @awwad for rephrasing this. #14 (comment)

@SantiagoTorres

As pointed out by @SantiagoTorres we should check that the arguments to `form_data_to_ssc` have the same length, also inside the function. This commit adds the necessary if statements.

See http://flask.pocoo.org/docs/0.12/config/#instance-folders for more infos about flask's instance folders.

- Rephrase link to project website - Add link to deployed beta version - Mention python development headers - Add Acknowledgements section

Replace "therefor" with "therefore" and "according" with "corresponding" where necessary.

@vladimir-v-diaz

As @vladimir-v-diaz pointed out correctly vcs is more accurate in this context.

Commits on Aug 30, 2017

Fix wrong year in LICENSE file

lukpueh committed Aug 30, 2017

Configuration menu

View commit details

Copy full SHA for 1bbbc53

Browse repository at this point

Copy the full SHA

1bbbc53 View commit details

Browse the repository at this point in the history

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Initial PR (complete layout tool) #14

Initial PR (complete layout tool) #14

Commits on Jul 25, 2017

Commits on Aug 16, 2017

Commits on Aug 17, 2017

Commits on Aug 18, 2017

Commits on Aug 29, 2017

Commits on Aug 30, 2017

Commits on Sep 14, 2017

Commits on Sep 15, 2017