mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-26 15:57:16 +00:00
fix: [secrets import] use urandom
parent
1c7b66e5de
commit
add0a95814
3 changed files with 18 additions and 8 deletions
|
@ -4,12 +4,11 @@
|
|||
import os
|
||||
import sys
|
||||
import redis
|
||||
import secrets
|
||||
import configparser
|
||||
|
||||
sys.path.append(os.path.join(os.environ['AIL_FLASK'], 'modules'))
|
||||
|
||||
from Role_Manager import create_user_db, edit_user_db, get_default_admin_token
|
||||
from Role_Manager import create_user_db, edit_user_db, get_default_admin_token, gen_password
|
||||
|
||||
|
||||
|
||||
|
@ -36,7 +35,7 @@ if __name__ == "__main__":
|
|||
r_serv.zadd('ail:all_role', 2, 'analyst')
|
||||
|
||||
username = 'admin@admin.test'
|
||||
password = secrets.token_urlsafe()
|
||||
password = gen_password()
|
||||
if r_serv.exists('user_metadata:admin@admin.test'):
|
||||
edit_user_db(username, password=password, role='admin')
|
||||
else:
|
||||
|
@ -51,3 +50,4 @@ if __name__ == "__main__":
|
|||
|
||||
print('new user created: {}'.format(username))
|
||||
print('password: {}'.format(password))
|
||||
print('token: {}'.format(token))
|
||||
|
|
|
@ -5,7 +5,6 @@ import os
|
|||
import re
|
||||
import redis
|
||||
import bcrypt
|
||||
import secrets
|
||||
import configparser
|
||||
|
||||
from functools import wraps
|
||||
|
@ -67,11 +66,23 @@ def login_analyst(func):
|
|||
###############################################################
|
||||
###############################################################
|
||||
|
||||
def gen_password(length=30, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()"):
|
||||
random_bytes = os.urandom(length)
|
||||
len_charset = len(charset)
|
||||
indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
|
||||
return "".join([charset[index] for index in indices])
|
||||
|
||||
def gen_token(length=41, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"):
|
||||
random_bytes = os.urandom(length)
|
||||
len_charset = len(charset)
|
||||
indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
|
||||
return "".join([charset[index] for index in indices])
|
||||
|
||||
def generate_new_token(user_id):
|
||||
# create user token
|
||||
current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
|
||||
r_serv_db.hdel('user:tokens', current_token)
|
||||
token = secrets.token_urlsafe(41)
|
||||
token = gen_token(41)
|
||||
r_serv_db.hset('user:tokens', token, user_id)
|
||||
r_serv_db.hset('user_metadata:{}'.format(user_id), 'token', token)
|
||||
|
||||
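Review bot: `gen_password` picks characters with unequal probability, because its default charset has 72 symbols and `int(len_charset * (byte / 256.0))` spreads 256 byte values over 72 indices, so some characters are reached by four byte values and others by only three. `gen_token` is uniform only because its charset happens to hold exactly 64 symbols; any caller passing another `charset` gets the same skew. Drawing each character with `rng = random.SystemRandom()` and `return "".join(rng.choice(charset) for _ in range(length))` still reads from the OS CSPRNG, is uniform for any charset size, and needs only `import random`. The two functions also have identical bodies, so a single private helper taking `length` and `charset` would stop them drifting apart. A one-line docstring on each, stating that the output is a credential and that the charset size affects uniformity, would help.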
|
|
|
@ -8,10 +8,9 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
|
|||
from flask_login import login_required, current_user
|
||||
|
||||
from Role_Manager import login_admin, login_analyst
|
||||
from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token
|
||||
from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token, gen_password
|
||||
|
||||
import json
|
||||
import secrets
|
||||
import datetime
|
||||
|
||||
import git_status
|
||||
|
@ -183,7 +182,7 @@ def create_user_post():
|
|||
return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True)
|
||||
# generate password
|
||||
else:
|
||||
password = secrets.token_urlsafe()
|
||||
password = gen_password()
|
||||
|
||||
if current_user.is_in_role('admin'):
|
||||
# edit user
|
||||
|
|