fix: [secrets import] use urandom

2019-07-05 15:20:47 +02:00 · 2019-07-05 15:20:47 +02:00 · add0a95814
parent 1c7b66e5de
commit add0a95814
3 changed files with 18 additions and 8 deletions
--- a/var/www/create_default_user.py
+++ b/var/www/create_default_user.py
@ -4,12 +4,11 @@
 import os
 import sys
 import redis
 import secrets
 import configparser
 sys.path.append(os.path.join(os.environ['AIL_FLASK'], 'modules'))
-from Role_Manager import create_user_db, edit_user_db, get_default_admin_token
+from Role_Manager import create_user_db, edit_user_db, get_default_admin_token, gen_password
@ -36,7 +35,7 @@ if __name__ == "__main__":
        r_serv.zadd('ail:all_role', 2, 'analyst')
    username = 'admin@admin.test'
-    password = secrets.token_urlsafe()
+    password = gen_password()
    if r_serv.exists('user_metadata:admin@admin.test'):
        edit_user_db(username, password=password, role='admin')
    else:
@ -51,3 +50,4 @@ if __name__ == "__main__":
    print('new user created: {}'.format(username))
    print('password: {}'.format(password))
    print('token: {}'.format(token))
--- a/var/www/modules/Role_Manager.py
+++ b/var/www/modules/Role_Manager.py
@ -5,7 +5,6 @@ import os
 import re
 import redis
 import bcrypt
 import secrets
 import configparser
 from functools import wraps
@ -67,11 +66,23 @@ def login_analyst(func):
 ###############################################################
 ###############################################################
 def gen_password(length=30, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()"):
    random_bytes = os.urandom(length)
    len_charset = len(charset)
    indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
    return "".join([charset[index] for index in indices])
 def gen_token(length=41, charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"):
    random_bytes = os.urandom(length)
    len_charset = len(charset)
    indices = [int(len_charset * (byte / 256.0)) for byte in random_bytes]
    return "".join([charset[index] for index in indices])
 def generate_new_token(user_id):
    # create user token
    current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
    r_serv_db.hdel('user:tokens', current_token)
-    token = secrets.token_urlsafe(41)
+    token = gen_token(41)
    r_serv_db.hset('user:tokens', token, user_id)
    r_serv_db.hset('user_metadata:{}'.format(user_id), 'token', token)
--- a/var/www/modules/settings/Flask_settings.py
+++ b/var/www/modules/settings/Flask_settings.py
@ -8,10 +8,9 @@ from flask import Flask, render_template, jsonify, request, Blueprint, redirect,
 from flask_login import login_required, current_user
 from Role_Manager import login_admin, login_analyst
-from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token
+from Role_Manager import create_user_db, edit_user_db, delete_user_db, check_password_strength, generate_new_token, gen_password
 import json
 import secrets
 import datetime
 import git_status
@ -183,7 +182,7 @@ def create_user_post():
                    return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True)
            # generate password
            else:
-                password = secrets.token_urlsafe()
+                password = gen_password()
            if current_user.is_in_role('admin'):
                # edit user