def signup_user(): pwd = genword(length=16) uid = genword(length=8) hashes.insert_one({ "hash": pbkdf2_sha256.encrypt(pwd, rounds=2000, salt_size=16), "uid": uid }) new_user = {"uid": uid, "balance": "10000", "portfolio": {}} users.insert_one(new_user) return f"Registered! Set these headers on your requests to authenticate:\nuid: {uid}\nauthorization_key: {pwd}"
def test_charset(self): """'charset' & 'chars' options""" # charset option results = genword(charset="hex", returns=5000) self.assertResultContents(results, 5000, hex) # chars option # there are 3**3=27 possible combinations results = genword(length=3, chars="abc", returns=5000) self.assertResultContents(results, 5000, "abc", unique=27) # chars + charset self.assertRaises(TypeError, genword, chars='abc', charset='hex')
def start(ctx, certs_path='./nginx/certs'): '''Start all services.''' certs.setup(ctx) filesystem.mkdir(ctx, certs_path) certs.generate(ctx, name=['spades.local', 'localhost'], key=f"{certs_path}/spades.key", cert=f"{certs_path}/spades.crt") env = { 'POSTGRESQL_PASSWORD': genword(entropy=56, length=128), 'REDIS_PASSWORD': genword(entropy=56, length=128) } compose.start(ctx, files=[], env=env)
def test_returns(self): """'returns' keyword""" # returns=int option results = genword(returns=5000) self.assertResultContents(results, 5000, ascii_62) # returns=iter option gen = genword(returns=iter) results = [next(gen) for _ in range(5000)] self.assertResultContents(results, 5000, ascii_62) # invalid returns option self.assertRaises(TypeError, genword, returns='invalid-type')
def generate_token(key=None, stamp=None): """ generate a pair of a secret key and a crypto token. you can use this to implement a password recovery functionality by calling generate_token() and transmitting the returned token to the (correct) user (e.g. by email) and storing the returned (secret) key into the user's profile on the server side. after the user received the token, he returns to the wiki, gives his user name or email address and the token he received. read the (secret) key from the user profile and call valid_token(key, token) to verify if the token is valid. if it is, consider the user authenticated, remove the secret key from his profile and let him reset his password. :param key: give it to recompute some specific token for verification :param stamp: give it to recompute some specific token for verification :rtype: 2-tuple :returns: key, token (both unicode) """ if key is None: key = genword(length=32) if stamp is None: stamp = int(time.time()) h = hmac.new(str(key), str(stamp), digestmod=hashlib.sha256).hexdigest() token = u"{0}-{1}".format(stamp, h) return unicode(key), token
def create_user(self, user_kwargs, _commit=True): """Create a new user record and optionally persist to the database. :param user_kwargs: dict of values to construct the User record. Special arg is `mail_enabled`, which will be popped out. :param _commit: option for persisting record to database. Default True. """ mail_enabled = user_kwargs.pop('mail_enabled', True) from passlib.pwd import genword user_kwargs.setdefault('password', genword(entropy='secure')) user_class = self.entity_registry.user_cls user = user_class(**user_kwargs) db.session.add(user) db.session.flush() # generate the token AFTER flush, because the token may depend on things like timestamps # which may not be available earlier user.token_generate() if mail_enabled and self.mail_manager: self.mail_manager.send_new_user(user) # use add + commit here instead of user_class.add() above so the user isn't actually # committed if mail isn't sent. if _commit: db.session.commit() return user
def generate_token(cls) -> str: """Generate a random token for the invitation. Returns: Random token. """ return genword(length=64)
async def main(config, loop=None): if loop is None: loop = asyncio.get_event_loop() dsn = "postgres://{}:{}@{}:{}/{}".format(config["username"], config["password"], config["host"], config["port"], config["database"]) conn = await asyncpg.connect(dsn) # create a dummy repo for creating the admin repo_id = await conn.fetchval( "INSERT INTO repository (name, opened) VALUES ($1, $2) RETURNING id", "Dummy", False) admin_password = genword(length=8, charset="ascii_50") print("Admin password = {}".format(admin_password)) # super user await conn.execute( ("INSERT INTO client (login, password_hash, confirmed, super_user, " "first_name, last_name, email_address, repository_id) " "VALUES ($1, $2, $3, $4, $5, $6, $7, $8)"), "admin", sha256_crypt.hash(admin_password), True, True, "Admin", "Admin", "*****@*****.**", repo_id)
def send_recover_mail(cls, email, create_user, privacy=False): if create_user: user = User() user.email = email user.password = pwd.genword(length=16) user.active = False else: user = User.query.filter_by(email=email) if user.count() != 1: return False user = user.first() if privacy: user.privacy = True db.session.add(user) db.session.commit() recover_serializer = URLSafeTimedSerializer( current_app.config['SECRET_KEY']) recover_url = "%s/recover-check?id=%s" % ( current_app.config['PROJECT_URL'], recover_serializer.dumps( [user.id, sha256(str.encode(user.password)).hexdigest()], salt=current_app.config['SECURITY_PASSWORD_SALT'])) msg = Message( "Account zur Konfiguration des Feinstaubsensors erstellen", sender=current_app.config['MAILS_FROM'], recipients=[email], body=render_template('emails/register-existing.txt' if create_user else 'emails/recover.txt', recover_url=recover_url)) mail.send(msg) return True
def create_auth0_user(self, full_name, user_email): user_id = str(uuid.uuid4()) users = Users(domain, self.mgmt_api_token) generated_password = pwd.genword(entropy=56, charset="ascii_62") user_res = users.create({ "email": user_email, "user_metadata": { "was_invite": True }, "blocked": False, "email_verified": False, "app_metadata": {}, "nickname": full_name, "picture": "https://secure.gravatar.com/avatar/15626c5e0c749cb912f9d1ad48dba440?s=480&r=pg&d=https%3A%2F%2Fssl" ".gstatic.com%2Fs2%2Fprofiles%2Fimages%2Fsilhouette80.png", "user_id": user_id, "connection": "Username-Password-Authentication", "password": generated_password, "verify_email": True, }) LOG.info( f"Created user in auth0 for email {user_email} with user_id {user_id}" ) return user_res
def _generate_password(): """ Returns a randomly generated string of up to 32 characters :return: str """ return pwd.genword(entropy=48)
def register_device(): if 'loggedin' not in session: return redirect(url_for('ui.login', r=url_for('ui.register_device'))) msg = '' if request.method == 'POST': identifier = request.form['identifier'] exists = None if not identifier: flash('An identifier is required') else: try: secret_key = pwd.genword(entropy=56, charset='hex', length=32) cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute( 'SELECT identifier FROM devices WHERE identifier = %s', (identifier, )) exists = cursor.fetchone() if exists: msg = 'An device with that identifier already exists' else: cursor.execute( 'INSERT INTO devices (identifier, secret_key) VALUES (%s, %s)', (identifier, secret_key)) mysql.connection.commit() finally: cursor.close() if not exists: return redirect( url_for('ui.device_details', device_id=identifier)) return render_template('register_device.html', msg=msg)
def getSecretPassword(): if (current_user.is_authenticated and current_user.id == 1): password = pwd.genword(entropy=52, length=48, charset="ascii_72") current_user.edit_name( password_encode(password)) #Update new secret password to database return password else: return redirect(url_for('logout'))
def device_ios10_profile(device): password = pwd.genword() return flask.Response( response=flask.render_template('frontend/devices/ios10_profile.xml', device=device, b64encode=lambda s: b64encode(s).decode('US-ASCII'), password=password), mimetype='application/octet-stream')
def test_general(self): """general behavior""" # basic usage result = genword() self.assertEqual(len(result), 9) # malformed keyword should have useful error. self.assertRaisesRegex(TypeError, "(?i)unexpected keyword.*badkwd", genword, badkwd=True)
def _compute_clear_passwordlist(count): """internal unique routine to compute passwords""" return pwd.genword( length=16, entropy=56, chars= "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ0123456789&~\#{[|^@]}$%*,?.;/:!=+)(-'", returns=count, )
def reset_password(id): if not session['user']['admin']: return redirect('/profile') user = User.query.get(id) user.temp_pw = pwd.genword(length=12, charset='ascii_50') user.password = None db.session.commit() return redirect('/users')
def get_user(name): if name in user_cache: return user_cache[name] user = User.query.filter_by(name=name).first() if user is not None: return user user_pass = pwd.genword(128, charset='ascii_50') user = User(name=name, pass_hash=bcrypt.hash(user_pass)) print(f"Generated user={name} pass={user_pass}") db.session.add(user) return user
def generate_password(length: int) -> str: """Generate a password of a certain length. The password is generated as :param:`length` independent choices of a certain charset. The charset does not include ambiguous characters like ``l``, ``1``, ``0`` and ``O``. """ # without hard to distinguish characters l/1 0/O charset = "abcdefghijkmnopqrstuvwxyz!$%&()=.," \ ":;-_#+23456789ABCDEFGHIJKLMNPQRSTUVWXYZ" return genword(length=length, chars=charset)
def dashboard(): if 'loggedin' in session: if request.method == 'POST': if 'device_form' in request.form: #for later pass if 'api_key_form' in request.form: print("it's api key form") identifier = request.form['identifier'] exists = None if not identifier: flash('An identifier is required') else: try: secret_key = pwd.genword(entropy=56, charset='hex', length=32) cursor = mysql.connection.cursor( MySQLdb.cursors.DictCursor) cursor.execute( 'SELECT id FROM api_keys WHERE api_key = %s', (identifier, )) exists = cursor.fetchone() if exists: msg = 'A key with that name already exists' else: cursor.execute( 'INSERT INTO api_keys (name, api_key) VALUES (%s, %s)', (identifier, secret_key)) mysql.connection.commit() finally: cursor.close() print(request.form) cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT identifier as id FROM devices') devices = cursor.fetchall() last_data = {} for device in devices: cursor.execute( 'select time from data where device = %s group by time order by time desc limit 1', (device['id'], )) last_data[device['id']] = cursor.fetchone() cursor.execute('SELECT id, name, api_key FROM api_keys') api_keys = cursor.fetchall() return render_template('dashboard.html', devices=devices, api_keys=api_keys, last_data=last_data) return redirect(url_for('ui.login', r=url_for('ui.dashboard')))
def resetTokenPassword(tokenDB: TokenDB, token: Token) -> str: """Sets the password for this token to a new random string. Returns the new password. Since only a hash is stored in the password database, it is not possible to retrieve it later. """ password = genword(length=16) passwordFile = tokenDB.passwordFile passwordFile.load_if_changed() passwordFile.set_password(token.getId(), password) writePasswordFile(passwordFile) return password
def add_members( organization_id: int, *, invites: List[UserInvite] = Body(...), auth=Depends(authorization("organizations:add_members")), db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): try: members = crud.organization.get_members(db, id=organization_id) users_to_add = (invite for invite in invites if invite.email not in (u.get("email") for u in members)) for invite in users_to_add: user_in_db = user.get_by_email(db, email=invite.email) role = invite.role if invite.role else "guest" if not user_in_db: user_in_db = user.create( db, obj_in=UserCreate( full_name=invite.full_name, email=invite.email, password=pwd.genword(), ), ) else: organization_in_db = crud.organization.get(db, id=organization_id) if organization_in_db: send_new_invitation_email_task.delay( full_name=user_in_db.full_name, email_to=user_in_db.email, organization=organization_in_db.name, role=role) enforcer.add_role_for_user_in_domain( str(user_in_db.id), role, str(organization_id), ) enforcer.load_policy() return [ user for user in get_members( organization_id, auth=auth, db=db, current_user=current_user) if user.get("email") in (invite.email for invite in invites) ] except Exception as e: logging.error(e)
def generate_serial(length: int = 5) -> str: """Generate a valid session serial. A serial is comprised of the current timestamp and N random characters. Args: length (int): Length for the random string appended to the timestamp. Returns: Serial string. """ return '{}{}'.format(int(time.time()), genword(length=length))
def verify_password(self, password): if self.password is None: return False valid, new_hash = pwd_context.verify_and_update( password, self.password) if valid: if new_hash: self._password = new_hash self.session_token = genword(length=50) self.save() return True return False
def keyFor(self, path: SandboxedPath) -> str: """Return a key for accessing the given sandbox path. """ # Skip key generation if artifacts are public. if self.project.anonguest: return 'anon' key = genword(length=self.keyLength) self._activeKeys[key] = path reactor.callLater(self.keyTimeout, self.keyExpired, key) return key
def reset_password(userid: str) -> Response: user = User.query.filter_by(id=userid).first() if user is None: flash(i8n.USER_DOES_NOT_EXIST, category='error') return redirect(url_for('admin')) new_password = genword() user.password = encrypt_password(new_password) user.save() flash(i8n.PASSWORD_CHANGED_BY_ADMIN + new_password, category='success') return redirect(url_for('admin'))
def user_add(args): if args.generate: password = pwd.genword(128, charset='ascii_50') else: password = getpass.getpass("Password: "******"Again: ") if password != password_verify: raise RuntimeError("Passwords don't match.") pass_hash = bcrypt.hash(password) user = User(name=args.name, pass_hash=pass_hash) db.session.add(user) db.session.commit() print(f"User id: {user.id}")
def create_organization_root_node( *, db: Session = Depends(get_db), organization_in: OrganizationCreateRoot, current_user: User = Depends(get_current_user), ) -> Optional[Organization]: """ Create a new **root node for organizations tree**; If `owner_email` is present organization tree ownership will be affected to *existing or newly created user*, else organizations tree ownership will be affected to *superuser*. """ if not current_user.is_superuser: raise HTTPException( status_code=403, detail="You are not authorized to perform this action.") new_organization_root_node = organization.create_root( db, obj_in=organization_in).to_schema() if organization_in.owner_email: user_in_db = user.get_by_email(db, email=organization_in.owner_email) if not user_in_db: user_in_db = user.create( db, obj_in=UserCreate( full_name=organization_in.owner_email.split("@")[0], email=organization_in.owner_email, password=pwd.genword(), ), ) if new_organization_root_node: send_new_invitation_email_task.delay( full_name=user_in_db.full_name, email_to=user_in_db.email, organization=new_organization_root_node.name, role="owner") enforcer.add_role_for_user_in_domain( str(user_in_db.id), "owner", str(new_organization_root_node.id)) enforcer.load_policy() else: enforcer.add_role_for_user_in_domain( str(current_user.id), "owner", str(new_organization_root_node.id)) enforcer.load_policy() current_roles = enforcer.get_roles_for_user_in_domain( str(current_user.id), str(new_organization_root_node.id)) if len(current_roles) > 0: new_organization_root_node.current_user_role = current_roles[0] if current_user.is_superuser: new_organization_root_node.current_user_role = 'admin' # new_organization_root_node.current_user_role = current_roles[0] return new_organization_root_node
class Config: '''Provide Flask configuration.''' SQLALCHEMY_DATABASE_URI: str = os.getenv( 'SQLALCHEMY_DATABASE_URI', f"{db_type}://{db_user}:{db_pass}@{db_host}:{db_port}/{db_name}") SQLALCHEMY_ECHO: bool = bool(os.getenv('SQLALCHEMY_ECHO', True)) SQLALCHEMY_TRACK_MODIFICATIONS: bool = bool( os.getenv('SQLALCHEMY_TRACK_MODIFICATIONS', False)) SESSION_COOKIE_SECURE: bool = True SESSION_COOKIE_HTTPONLY: bool = True SESSION_COOKIE_SAMESITE: str = 'Lax' SECRET_KEY: str = genword(entropy=56, length=128) WTF_CSRF_SECRET_KEY: str = genword(entropy=56, length=128) SESSION_TYPE: str = session_type SESSION_PERMANENT: bool = True SESSION_USE_SIGNER: bool = True SESSION_REDIS = Redis(**session) # type: ignore SSE_REDIS_URL = "redis://:{p}@{h}:{s}".format(p=session['password'], h=session['host'], s=session['port'])
def _initArgs(self, element: Optional[Resource] ) -> Mapping[str, object]: if element is None: return dict(secret=genword(length=20)) elif element.typeName == repoResourceTypeName: return dict( locator = element.getParameter('locator') or '', secret = element.getParameter('secret') or '', capabilities = ' '.join(element.capabilities), description = element['description'] ) else: raise InvalidRequest( f'Resource "{element.getId()}" is not a repository' )
def _create_default_users(self): print('adding default system users') roles = self.session.query(Role).filter(Role.name == 'system').all() for user_data in system_users: user_fields = system_users[user_data] print(' user: @%s' % user_fields['login']) if user_fields['password'] is None: user_fields['password'] = pwd.genword() password_hash = pwd_context.encrypt(user_fields['password']) user = User(name_first=str(user_fields['first']), name_last=str(user_fields['last']), email=str(user_fields['email']), login=user_fields['login'], password_hash=password_hash, roles=roles) try: self.session.add(user) self.session.commit() except IntegrityError: self.session.rollback()
def token_create(user_email): user_email = user_email or flask_login.current_user.email user = models.User.query.get(user_email) or flask.abort(404) form = forms.TokenForm() wtforms_components.read_only(form.displayed_password) if not form.raw_password.data: form.raw_password.data = pwd.genword(entropy=128, charset="hex") form.displayed_password.data = form.raw_password.data if form.validate_on_submit(): token = models.Token(user=user) token.set_password(form.raw_password.data) form.populate_obj(token) db.session.add(token) db.session.commit() flask.flash('Authentication token created') return flask.redirect( flask.url_for('.token_list', user_email=user.email)) return flask.render_template('token/create.html', form=form)
def reset_password(self, password: Optional[str] = None) -> str: new_password = password or genword() self.password = hash_password(new_password) return new_password