fix: [secrets import] use urandom

This commit is contained in:
Terrtia 2019-07-05 15:20:47 +02:00
parent 1c7b66e5de
commit add0a95814
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
3 changed files with 18 additions and 8 deletions


@ -4,12 +4,11 @@
import os import os
import sys import sys
import redis import redis
import secrets
import configparser import configparser
sys.path.append(os.path.join(os.environ['AIL_FLASK'], 'modules')) sys.path.append(os.path.join(os.environ['AIL_FLASK'], 'modules'))
from Role_Manager import create_user_db, edit_user_db, get_default_admin_token from Role_Manager import create_user_db, edit_user_db, get_default_admin_token, gen_password
@ -36,7 +35,7 @@ if __name__ == "__main__":
r_serv.zadd('ail:all_role', 2, 'analyst') r_serv.zadd('ail:all_role', 2, 'analyst')
username = 'admin@admin.test' username = 'admin@admin.test'
password = secrets.token_urlsafe() password = gen_password()
if r_serv.exists('user_metadata:admin@admin.test'): if r_serv.exists('user_metadata:admin@admin.test'):
edit_user_db(username, password=password, role='admin') edit_user_db(username, password=password, role='admin')
else: else:
@ -51,3 +50,4 @@ if __name__ == "__main__":
print('new user created: {}'.format(username)) print('new user created: {}'.format(username))
print('password: {}'.format(password)) print('password: {}'.format(password))
print('token: {}'.format(token))
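Review bot: The added `print('token: {}'.format(token))` executes on both sides of the `if r_serv.exists('user_metadata:admin@admin.test'):` branch at L25, but the hunk does not show where `token` is bound; if it is only assigned on the `else:` create path, a re-run against an existing admin user (the `edit_user_db` path) would raise `NameError` at this line. Either bind `token` on the edit path too or move the print into the branch that creates it, e.g. keep `print('token: {}'.format(token))` only where `token` is known to be set. These hunks sit inside the `if __name__ == "__main__":` block, which starts outside the hunk.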


@ -5,7 +5,6 @@ import os
import re import re
import redis import redis
import bcrypt import bcrypt
import secrets
import configparser import configparser
from functools import wraps from functools import wraps
@ -67,11 +66,23 @@ def login_analyst(func):
############################################################### ###############################################################
############################################################### ###############################################################
def gen_password(length=30, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()"):
random_bytes = os.urandom(length)
len_charset = len(charset)
indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
return "".join([charset[index] for index in indices])
def gen_token(length=41, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"):
random_bytes = os.urandom(length)
len_charset = len(charset)
indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
return "".join([charset[index] for index in indices])
def generate_new_token(user_id): def generate_new_token(user_id):
# create user token # create user token
current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token') current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
r_serv_db.hdel('user:tokens', current_token) r_serv_db.hdel('user:tokens', current_token)
token = secrets.token_urlsafe(41) token = gen_token(41)
r_serv_db.hset('user:tokens', token, user_id) r_serv_db.hset('user:tokens', token, user_id)
r_serv_db.hset('user_metadata:{}'.format(user_id), 'token', token) r_serv_db.hset('user_metadata:{}'.format(user_id), 'token', token)
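Review bot: `gen_password` at L45–L49 selects characters with `int(len_charset * (byte / 256.0))`, and because its 72-symbol charset does not divide 256 the output is not uniform — some symbols are picked 4/256 of the time and others 3/256 — while `gen_token` is uniform only because its 64-symbol charset happens to divide 256. Both functions are the same body with different defaults, so a single private helper drawing indices from `random.SystemRandom()` (backed by `os.urandom`, with unbiased index selection) removes both the bias and the duplication, with `import random` added to the import block at L36–L41. If the `secrets` import was dropped for Python 2 compatibility, note that iterating `os.urandom()` there yields one-character `str` values, so `byte / 256.0` would raise `TypeError`; the `SystemRandom` version avoids that as well. `generate_new_token` at L55–L61 and the callers in the other two files need no change.

```python
def _gen_from_charset(length, charset):
    # SystemRandom uses os.urandom and rejection sampling, so every
    # charset symbol is equally likely regardless of len(charset).
    rng = random.SystemRandom()
    return "".join(rng.choice(charset) for _ in range(length))

def gen_password(length=30, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()"):
    return _gen_from_charset(length, charset)

def gen_token(length=41, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"):
    return _gen_from_charset(length, charset)

# … unchanged: generate_new_token …
```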


@ -8,10 +8,9 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
from flask_login import login_required, current_user from flask_login import login_required, current_user
from Role_Manager import login_admin, login_analyst from Role_Manager import login_admin, login_analyst
from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token, gen_password
import json import json
import secrets
import datetime import datetime
import git_status import git_status
@ -183,7 +182,7 @@ def create_user_post():
return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True) return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True)
# generate password # generate password
else: else:
password = secrets.token_urlsafe() password = gen_password()
if current_user.is_in_role('admin'): if current_user.is_in_role('admin'):
# edit user # edit user