fix: [secrets import] use urandom

var/www/create_default_user.py

@@ -4,12 +4,11 @@
 import os
 import sys
 import redis
-import secrets
 import configparser
 
 sys.path.append(os.path.join(os.environ['AIL_FLASK'], 'modules'))
 
-from Role_Manager import create_user_db, edit_user_db, get_default_admin_token
+from Role_Manager import create_user_db, edit_user_db, get_default_admin_token, gen_password
 
 
 
@@ -36,7 +35,7 @@ if __name__ == "__main__":
         r_serv.zadd('ail:all_role', 2, 'analyst')
 
     username = 'admin@admin.test'
-    password = secrets.token_urlsafe()
+    password = gen_password()
     if r_serv.exists('user_metadata:admin@admin.test'):
         edit_user_db(username, password=password, role='admin')
     else:
@@ -51,3 +50,4 @@ if __name__ == "__main__":
 
     print('new user created: {}'.format(username))
     print('password: {}'.format(password))
+    print('token: {}'.format(token))

var/www/modules/Role_Manager.py

@@ -5,7 +5,6 @@ import os
 import re
 import redis
 import bcrypt
-import secrets
 import configparser
 
 from functools import wraps
@@ -67,11 +66,23 @@ def login_analyst(func):
 ###############################################################
 ###############################################################
 
+def gen_password(length=30, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()"):
+    random_bytes = os.urandom(length)
+    len_charset = len(charset)
+    indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
+    return "".join([charset[index] for index in indices])
+
+def gen_token(length=41, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"):
+    random_bytes = os.urandom(length)
+    len_charset = len(charset)
+    indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
+    return "".join([charset[index] for index in indices])
+
 def generate_new_token(user_id):
     # create user token
     current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
     r_serv_db.hdel('user:tokens', current_token)
-    token = secrets.token_urlsafe(41)
+    token = gen_token(41)
     r_serv_db.hset('user:tokens', token, user_id)
     r_serv_db.hset('user_metadata:{}'.format(user_id), 'token', token)
 

var/www/modules/settings/Flask_settings.py

@@ -8,10 +8,9 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
 from flask_login import login_required, current_user
 
 from Role_Manager import login_admin, login_analyst
-from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token
+from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token, gen_password
 
 import json
-import secrets
 import datetime
 
 import git_status
@@ -183,7 +182,7 @@ def create_user_post():
                     return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True)
             # generate password
             else:
-                password = secrets.token_urlsafe()
+                password = gen_password()
 
             if current_user.is_in_role('admin'):
                 # edit user