mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-27 00:07:16 +00:00
fix: [secrets import] use urandom
This commit is contained in:
parent
1c7b66e5de
commit
add0a95814
3 changed files with 18 additions and 8 deletions
|
@ -4,12 +4,11 @@
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import redis
|
import redis
|
||||||
import secrets
|
|
||||||
import configparser
|
import configparser
|
||||||
|
|
||||||
sys.path.append(os.path.join(os.environ['AIL_FLASK'], 'modules'))
|
sys.path.append(os.path.join(os.environ['AIL_FLASK'], 'modules'))
|
||||||
|
|
||||||
from Role_Manager import create_user_db, edit_user_db, get_default_admin_token
|
from Role_Manager import create_user_db, edit_user_db, get_default_admin_token, gen_password
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -36,7 +35,7 @@ if __name__ == "__main__":
|
||||||
r_serv.zadd('ail:all_role', 2, 'analyst')
|
r_serv.zadd('ail:all_role', 2, 'analyst')
|
||||||
|
|
||||||
username = 'admin@admin.test'
|
username = 'admin@admin.test'
|
||||||
password = secrets.token_urlsafe()
|
password = gen_password()
|
||||||
if r_serv.exists('user_metadata:admin@admin.test'):
|
if r_serv.exists('user_metadata:admin@admin.test'):
|
||||||
edit_user_db(username, password=password, role='admin')
|
edit_user_db(username, password=password, role='admin')
|
||||||
else:
|
else:
|
||||||
|
@ -51,3 +50,4 @@ if __name__ == "__main__":
|
||||||
|
|
||||||
print('new user created: {}'.format(username))
|
print('new user created: {}'.format(username))
|
||||||
print('password: {}'.format(password))
|
print('password: {}'.format(password))
|
||||||
|
print('token: {}'.format(token))
|
||||||
|
|
|
@ -5,7 +5,6 @@ import os
|
||||||
import re
|
import re
|
||||||
import redis
|
import redis
|
||||||
import bcrypt
|
import bcrypt
|
||||||
import secrets
|
|
||||||
import configparser
|
import configparser
|
||||||
|
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
|
@ -67,11 +66,23 @@ def login_analyst(func):
|
||||||
###############################################################
|
###############################################################
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
def gen_password(length=30, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()"):
|
||||||
|
random_bytes = os.urandom(length)
|
||||||
|
len_charset = len(charset)
|
||||||
|
indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
|
||||||
|
return "".join([charset[index] for index in indices])
|
||||||
|
|
||||||
|
def gen_token(length=41, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"):
|
||||||
|
random_bytes = os.urandom(length)
|
||||||
|
len_charset = len(charset)
|
||||||
|
indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
|
||||||
|
return "".join([charset[index] for index in indices])
|
||||||
|
|
||||||
def generate_new_token(user_id):
|
def generate_new_token(user_id):
|
||||||
# create user token
|
# create user token
|
||||||
current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
|
current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
|
||||||
r_serv_db.hdel('user:tokens', current_token)
|
r_serv_db.hdel('user:tokens', current_token)
|
||||||
token = secrets.token_urlsafe(41)
|
token = gen_token(41)
|
||||||
r_serv_db.hset('user:tokens', token, user_id)
|
r_serv_db.hset('user:tokens', token, user_id)
|
||||||
r_serv_db.hset('user_metadata:{}'.format(user_id), 'token', token)
|
r_serv_db.hset('user_metadata:{}'.format(user_id), 'token', token)
|
||||||
|
|
||||||
|
|
|
@ -8,10 +8,9 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
|
||||||
from flask_login import login_required, current_user
|
from flask_login import login_required, current_user
|
||||||
|
|
||||||
from Role_Manager import login_admin, login_analyst
|
from Role_Manager import login_admin, login_analyst
|
||||||
from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token
|
from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token, gen_password
|
||||||
|
|
||||||
import json
|
import json
|
||||||
import secrets
|
|
||||||
import datetime
|
import datetime
|
||||||
|
|
||||||
import git_status
|
import git_status
|
||||||
|
@ -183,7 +182,7 @@ def create_user_post():
|
||||||
return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True)
|
return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True)
|
||||||
# generate password
|
# generate password
|
||||||
else:
|
else:
|
||||||
password = secrets.token_urlsafe()
|
password = gen_password()
|
||||||
|
|
||||||
if current_user.is_in_role('admin'):
|
if current_user.is_in_role('admin'):
|
||||||
# edit user
|
# edit user
|
||||||
|
|
Loading…
Reference in a new issue