Safer password/token generation for the DJ.
parent
11d6b102af
commit
098c772da9
2 changed files with 9 additions and 20 deletions
|
@ -2,20 +2,22 @@
|
||||||
|
|
||||||
import binascii
|
import binascii
|
||||||
import os
|
import os
|
||||||
|
import secrets
|
||||||
|
import string
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth.hashers import make_password
|
from django.contrib.auth.hashers import make_password
|
||||||
|
from django.utils.crypto import get_random_string
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
|
|
||||||
from core.utils import generate_password
|
|
||||||
|
|
||||||
|
|
||||||
def create_dj_user(apps, schema_editor):
|
def create_dj_user(apps, schema_editor):
|
||||||
User = apps.get_model('core', 'RadioUser')
|
User = apps.get_model('core', 'RadioUser')
|
||||||
Token = apps.get_model('authtoken', 'Token')
|
Token = apps.get_model('authtoken', 'Token')
|
||||||
db_alias = schema_editor.connection.alias
|
db_alias = schema_editor.connection.alias
|
||||||
|
|
||||||
new_password = generate_password()
|
chars = string.ascii_letters + string.digits + string.punctuation
|
||||||
|
new_password = get_random_string(length=32, allowed_chars=chars)
|
||||||
dj = User(email=settings.RADIO_DJ_EMAIL,
|
dj = User(email=settings.RADIO_DJ_EMAIL,
|
||||||
name=settings.RADIO_DJ_NAME,
|
name=settings.RADIO_DJ_NAME,
|
||||||
password=make_password(new_password),
|
password=make_password(new_password),
|
||||||
|
@ -24,10 +26,10 @@ def create_dj_user(apps, schema_editor):
|
||||||
is_dj=True)
|
is_dj=True)
|
||||||
dj.save(using=db_alias)
|
dj.save(using=db_alias)
|
||||||
|
|
||||||
# Since 'post_save' is impervious to migration scripts, this is pulled
|
# Since 'post_save' is impervious to migration scripts, this will be
|
||||||
# directly from the authtoken code for key generation. Otherwise, key will
|
# created here instead. Otherwise, key will be blank and we don't want
|
||||||
# be blank.
|
# that for the DJ account.
|
||||||
token = Token(key=binascii.hexlify(os.urandom(20)).decode(), user=dj)
|
token = Token(key=secrets.token_hex(20), user=dj)
|
||||||
token.save(using=db_alias)
|
token.save(using=db_alias)
|
||||||
|
|
||||||
with open(os.path.join(settings.PROJECT_DIR, '.djinfo'), 'w') as f:
|
with open(os.path.join(settings.PROJECT_DIR, '.djinfo'), 'w') as f:
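Review bot: The `.djinfo` file opened on the last line of the second hunk is created with a plain `open(..., 'w')`, so its mode is whatever the process umask allows. The `with` body lies outside the hunk, but it presumably writes the newly generated DJ password and token in plaintext. If so, create the file owner-only, for example `fd = os.open(os.path.join(settings.PROJECT_DIR, '.djinfo'), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`. The mode only applies when the file is created, so a pre-existing `.djinfo` keeps its old permissions unless it is removed or chmod-ed first. Separately, `import binascii` has no remaining use in the visible hunks now that the token key comes from `secrets.token_hex(20)`, so it can be dropped if nothing else in the file uses it.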
|
||||||
|
|
|
@ -36,19 +36,6 @@ FILE_IRI_PATTERN = (
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def generate_password(length=32):
|
|
||||||
'''
|
|
||||||
Quick and dirty random password generator.
|
|
||||||
|
|
||||||
***WARNING*** - Although this is likely "good enough" to create a secure
|
|
||||||
password, there are no validations (suitible entropy, dictionary words,
|
|
||||||
etc.) and should not be completely trusted. YOU HAVE BEEN WARNED.
|
|
||||||
'''
|
|
||||||
chars = string.ascii_letters + string.digits + string.punctuation
|
|
||||||
rng = random.SystemRandom()
|
|
||||||
return ''.join([rng.choice(chars) for i in range(length)])
|
|
||||||
|
|
||||||
|
|
||||||
def get_len(rawqueryset):
|
def get_len(rawqueryset):
|
||||||
'''
|
'''
|
||||||
Adds/Overrides a dynamic implementation of the length protocol to the
|
Adds/Overrides a dynamic implementation of the length protocol to the
|
||||||
|
|