From add0a95814d9e9477387e233d77383778a2212be Mon Sep 17 00:00:00 2001
From: Terrtia
Date: Fri, 5 Jul 2019 15:20:47 +0200
Subject: [PATCH] fix: [secrets import] use urandom

---
 var/www/create_default_user.py | 6 +++---
 var/www/modules/Role_Manager.py | 15 +++++++++++++--
 var/www/modules/settings/Flask_settings.py | 5 ++---
 3 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/var/www/create_default_user.py b/var/www/create_default_user.py
index c0735611..5bf0e63a 100755
--- a/var/www/create_default_user.py
+++ b/var/www/create_default_user.py
@@ -4,12 +4,11 @@
 import os
 import sys
 import redis
-import secrets
 import configparser
 sys.path.append(os.path.join(os.environ['AIL_FLASK'], 'modules'))
-from Role_Manager import create_user_db, edit_user_db, get_default_admin_token
+from Role_Manager import create_user_db, edit_user_db, get_default_admin_token, gen_password
@@ -36,7 +35,7 @@ if __name__ == "__main__":
 r_serv.zadd('ail:all_role', 2, 'analyst')
 username = 'admin@admin.test'
- password = secrets.token_urlsafe()
+ password = gen_password()
 if r_serv.exists('user_metadata:admin@admin.test'):
 edit_user_db(username, password=password, role='admin')
 else:
@@ -51,3 +50,4 @@ if __name__ == "__main__":
 print('new user created: {}'.format(username))
 print('password: {}'.format(password))
+ print('token: {}'.format(token))
diff --git a/var/www/modules/Role_Manager.py b/var/www/modules/Role_Manager.py
index bb48898a..dbef9bd8 100644
--- a/var/www/modules/Role_Manager.py
+++ b/var/www/modules/Role_Manager.py
@@ -5,7 +5,6 @@
 import os
 import re
 import redis
 import bcrypt
-import secrets
 import configparser
 from functools import wraps
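Review bot: The added `print('token: {}'.format(token))` in the last create_default_user.py hunk uses a name that is not assigned anywhere in that hunk, so it depends on `token` being bound earlier in the `if __name__ == "__main__":` block (presumably via the imported `get_default_admin_token`) on both the edit and the create path; if either path skips it, the script fails with a NameError after the admin user has already been written to Redis. Printing the admin API token to stdout also leaves it in terminal scrollback and in whatever captures this bootstrap script's output, alongside the already-printed password; if that is the intended bootstrap flow, a comment such as `# NOTE: bootstrap credentials are printed once here; rotate the token after first login` would make the expectation explicit. The enclosing `if __name__ == "__main__":` block starts outside the hunk.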
@@ -67,11 +66,23 @@ def login_analyst(func):
 ###############################################################
 ###############################################################
+def gen_password(length=30, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()"):
+ random_bytes = os.urandom(length)
+ len_charset = len(charset)
+ indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
+ return "".join([charset[index] for index in indices])
+
+def gen_token(length=41, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"):
+ random_bytes = os.urandom(length)
+ len_charset = len(charset)
+ indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
+ return "".join([charset[index] for index in indices])
+
 def generate_new_token(user_id):
 # create user token
 current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
 r_serv_db.hdel('user:tokens', current_token)
- token = secrets.token_urlsafe(41)
+ token = gen_token(41)
 r_serv_db.hset('user:tokens', token, user_id)
 r_serv_db.hset('user_metadata:{}'.format(user_id), 'token', token)
diff --git a/var/www/modules/settings/Flask_settings.py b/var/www/modules/settings/Flask_settings.py
index b1d89554..a569cbbb 100644
--- a/var/www/modules/settings/Flask_settings.py
+++ b/var/www/modules/settings/Flask_settings.py
@@ -8,10 +8,9 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
 from flask_login import login_required, current_user
 from Role_Manager import login_admin, login_analyst
-from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token
+from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token, gen_password
 import json
-import secrets
 import datetime
 import git_status
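Review bot: The new `gen_password` is a biased generator: `int(len_charset * (byte / 256.0))` maps 256 byte values onto a 72-symbol charset, and 256 is not a multiple of 72, so 40 of the symbols come out with probability 4/256 and the other 32 with 3/256, which lowers the effective entropy of every password produced. `gen_token` is only unbiased by accident, because its charset has 64 symbols and 256/64 divides evenly; the same copy-pasted body would become biased the moment someone passes a different `charset`. The standard fix keeps os.urandom as the entropy source and still works on interpreters without the `secrets` module that this commit is apparently avoiding: use `random.SystemRandom().choice()`, which rejection-samples internally, and share one implementation between the two helpers; this needs `import random` added next to `import os` at the top of Role_Manager.py. A one-line docstring on each helper stating the charset and that the output is uniform would also help the next reader, since these values become login passwords and API tokens.
```python
_sysrand = random.SystemRandom()  # backed by os.urandom; requires `import random` at module top

def gen_password(length=30, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()"):
    # SystemRandom.choice() rejection-samples, so every symbol is equally
    # likely regardless of len(charset) (no modulo/floor bias)
    return "".join(_sysrand.choice(charset) for _ in range(length))

def gen_token(length=41, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"):
    return "".join(_sysrand.choice(charset) for _ in range(length))

# … unchanged: generate_new_token …
```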
@@ -183,7 +182,7 @@ def create_user_post():
 return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True)
 # generate password
 else:
- password = secrets.token_urlsafe()
+ password = gen_password()
 if current_user.is_in_role('admin'):
 # edit user