def __init__(self, password=None, **kwargs): """Create instance.""" db.Model.__init__(self, **kwargs) self.salt = getrandstr(rng, digits + letters, 80) self.api_token = getrandstr(rng, digits + letters, 80) if password: self.set_password(password) else: self.password = None if self.user_id == 1: self.is_admin = True
def __init__(self, password=None, **kwargs): """ Create instance. """ db.Model.__init__(self, **kwargs) # Config adjusts the default active status if "active" not in kwargs: self.active = not current_app.config["USER_REGISTRATION_APPROVAL"] self.salt = getrandstr(rng, digits + letters, 80) self.api_token = getrandstr(rng, digits + letters, 80) if password: self.set_password(password) else: self.password = None
def test_repair_unused(self): "test repair_unused()" # NOTE: this test relies on encode_bytes() always returning clear # padding bits - which should be ensured by test vectors. from passlib.utils import rng, getrandstr engine = self.engine check_repair_unused = self.engine.check_repair_unused i = 0 while i < 300: size = rng.randint(0,23) cdata = getrandstr(rng, engine.charmap, size).encode("ascii") if size & 3 == 1: # should throw error self.assertRaises(ValueError, check_repair_unused, cdata) continue rdata = engine.encode_bytes(engine.decode_bytes(cdata)) if rng.random() < .5: cdata = cdata.decode("ascii") rdata = rdata.decode("ascii") if cdata == rdata: # should leave unchanged ok, result = check_repair_unused(cdata) self.assertFalse(ok) self.assertEqual(result, rdata) else: # should repair bits self.assertNotEqual(size % 4, 0) ok, result = check_repair_unused(cdata) self.assertTrue(ok) self.assertEqual(result, rdata) i += 1
def test_repair_unused(self): "test repair_unused()" # NOTE: this test relies on encode_bytes() always returning clear # padding bits - which should be ensured by test vectors. from passlib.utils import rng, getrandstr engine = self.engine check_repair_unused = self.engine.check_repair_unused i = 0 while i < 300: size = rng.randint(0, 23) cdata = getrandstr(rng, engine.charmap, size).encode("ascii") if size & 3 == 1: # should throw error self.assertRaises(ValueError, check_repair_unused, cdata) continue rdata = engine.encode_bytes(engine.decode_bytes(cdata)) if rng.random() < .5: cdata = cdata.decode("ascii") rdata = rdata.decode("ascii") if cdata == rdata: # should leave unchanged ok, result = check_repair_unused(cdata) self.assertFalse(ok) self.assertEqual(result, rdata) else: # should repair bits self.assertNotEqual(size % 4, 0) ok, result = check_repair_unused(cdata) self.assertTrue(ok) self.assertEqual(result, rdata) i += 1
def register(): form = RegisterForm(request.form) if request.method == 'POST' and form.validate(): email = form.email.data username = form.username.data name = form.name.data password = sha256_crypt.encrypt(form.password.data) error = errors(username, email) if not error['username'] and not error['email']: cursor = mysql.connection.cursor() token = getrandstr(random, string, 50) query = 'insert into users(email, username, name, password, confirmed) VALUES(%s,%s,%s,%s,%s)' cursor.execute(query, (email, username, name, password, token)) mysql.connection.commit() cursor.close() confirm_url = url_for('users.confirm_email', token=token, _external=True) html = render_template('users/email.html', confirm_url=confirm_url) subject = 'Hesabınızı Təsdiqləyin' send_email(to=email, subject=subject, template=html) flash('Qeydiyyatdan uğurla keçdiniz!', 'success') return redirect(url_for('users.login')) elif error['username'] == True: flash('Belə istifadəçi adı var', 'danger') elif error['email'] == True: flash('Bu email istifadə olunub', 'danger') return render_template('users/register.html', form=form)
def _gen(self): while True: secret = getrandstr(self.rng, self.charset, self.size) # check that it satisfies minimum self-information limit # set by min_complexity. i.e., reject strings like "aaaaaaaa" if _average_entropy(secret) >= self._min_entropy: return secret
def generate_feed_id(self): done = False while not done: self.feed_id = getrandstr(rng, "qwertyuiopasdfghjklzxcvbnm1234567890", 100) user_list_cursor = Client.users.find({"feed_id": self.feed_id}) if user_list_cursor.count() == 0: done = True
def random_string(length, allowed_chars=None): """ Generate a random string with given length consisting of the given characters. Note: this is now just a little wrapper around passlib's randomness code. :param length: length of the str :param allowed_chars: str with allowed characters :returns: random string """ assert allowed_chars is not None s = getrandstr(rng, allowed_chars, length) return s
def check_int_pair(self, bits, encoded_pairs): """helper to check encode_intXX & decode_intXX functions""" rng = self.getRandom() engine = self.engine encode = getattr(engine, "encode_int%s" % bits) decode = getattr(engine, "decode_int%s" % bits) pad = -bits % 6 chars = (bits + pad) // 6 upper = 1 << bits # test encode func for value, encoded in encoded_pairs: result = encode(value) self.assertIsInstance(result, bytes) self.assertEqual(result, encoded) self.assertRaises(ValueError, encode, -1) self.assertRaises(ValueError, encode, upper) # test decode func for value, encoded in encoded_pairs: self.assertEqual(decode(encoded), value, "encoded %r:" % (encoded, )) m = self.m self.assertRaises(ValueError, decode, m(0) * (chars + 1)) self.assertRaises(ValueError, decode, m(0) * (chars - 1)) self.assertRaises(ValueError, decode, self.bad_byte * chars) self.assertRaises(TypeError, decode, engine.charmap[0]) self.assertRaises(TypeError, decode, None) # do random testing. from passlib.utils import getrandstr for i in irange(100): # generate random value, encode, and then decode value = rng.randint(0, upper - 1) encoded = encode(value) self.assertEqual(len(encoded), chars) self.assertEqual(decode(encoded), value) # generate some random encoded data, decode, then encode. encoded = getrandstr(rng, engine.bytemap, chars) value = decode(encoded) self.assertGreaterEqual(value, 0, "decode %r out of bounds:" % encoded) self.assertLess(value, upper, "decode %r out of bounds:" % encoded) result = encode(value) if pad: self.assertEqual(result[:-2], encoded[:-2]) else: self.assertEqual(result, encoded)
def random_string(length, allowed_chars=None): """ Generate a random string with given length consisting of the given characters. Note: this is now just a little wrapper around passlib's randomness code. :param length: length of the string :param allowed_chars: string with allowed characters or None to indicate all 256 byte values should be used :returns: random string """ if allowed_chars is None: s = getrandbytes(rng, length) else: s = getrandstr(rng, allowed_chars, length) return s
def check_int_pair(self, bits, encoded_pairs): """helper to check encode_intXX & decode_intXX functions""" rng = self.getRandom() engine = self.engine encode = getattr(engine, "encode_int%s" % bits) decode = getattr(engine, "decode_int%s" % bits) pad = -bits % 6 chars = (bits+pad)//6 upper = 1<<bits # test encode func for value, encoded in encoded_pairs: result = encode(value) self.assertIsInstance(result, bytes) self.assertEqual(result, encoded) self.assertRaises(ValueError, encode, -1) self.assertRaises(ValueError, encode, upper) # test decode func for value, encoded in encoded_pairs: self.assertEqual(decode(encoded), value, "encoded %r:" % (encoded,)) m = self.m self.assertRaises(ValueError, decode, m(0)*(chars+1)) self.assertRaises(ValueError, decode, m(0)*(chars-1)) self.assertRaises(ValueError, decode, self.bad_byte*chars) self.assertRaises(TypeError, decode, engine.charmap[0]) self.assertRaises(TypeError, decode, None) # do random testing. from passlib.utils import getrandstr for i in irange(100): # generate random value, encode, and then decode value = rng.randint(0, upper-1) encoded = encode(value) self.assertEqual(len(encoded), chars) self.assertEqual(decode(encoded), value) # generate some random encoded data, decode, then encode. encoded = getrandstr(rng, engine.bytemap, chars) value = decode(encoded) self.assertGreaterEqual(value, 0, "decode %r out of bounds:" % encoded) self.assertLess(value, upper, "decode %r out of bounds:" % encoded) result = encode(value) if pad: self.assertEqual(result[:-2], encoded[:-2]) else: self.assertEqual(result, encoded)
def test_codec(self): """test encode_bytes/decode_bytes against random data""" engine = self.engine from passlib.utils import getrandbytes, getrandstr rng = self.getRandom() saw_zero = False for i in irange(500): # # test raw -> encode() -> decode() -> raw # # generate some random bytes size = rng.randint(1 if saw_zero else 0, 12) if not size: saw_zero = True enc_size = (4*size+2)//3 raw = getrandbytes(rng, size) # encode them, check invariants encoded = engine.encode_bytes(raw) self.assertEqual(len(encoded), enc_size) # make sure decode returns original result = engine.decode_bytes(encoded) self.assertEqual(result, raw) # # test encoded -> decode() -> encode() -> encoded # # generate some random encoded data if size % 4 == 1: size += rng.choice([-1,1,2]) raw_size = 3*size//4 encoded = getrandstr(rng, engine.bytemap, size) # decode them, check invariants raw = engine.decode_bytes(encoded) self.assertEqual(len(raw), raw_size, "encoded %d:" % size) # make sure encode returns original (barring padding bits) result = engine.encode_bytes(raw) if size % 4: self.assertEqual(result[:-1], encoded[:-1]) else: self.assertEqual(result, encoded)
def resend(): cursor = mysql.connection.cursor() id = session['user']['id'] cursor.execute('select confirmed,email from users where id =%s', (id, )) user = cursor.fetchone() email = user['email'] if user['confirmed'] == '1': pass else: token = getrandstr(random, string, 50) cursor.execute('update users set confirmed =%s where id=%s', (token, id)) mysql.connection.commit() cursor.close() confirm_url = url_for('users.confirm_email', token=token, _external=True) html = render_template('email.html', confirm_url=confirm_url) subject = 'Hesabınızı Təsdiqləyin' send_email(to=email, subject=subject, template=html) flash('Yenidən göndərildi', 'success') return redirect(url_for('users.activate'))
def generate_salt(cls, salt_size=None, strict=False): """helper method for norm_salt(); generates a new random salt string. :param salt_size: optional salt size, falls back to :attr:`default_salt_size`. :param strict: if too-large salt should throw error, or merely be trimmed. """ if salt_size is None: salt_size = cls.default_salt_size else: mn = cls.min_salt_size if mn and salt_size < mn: raise ValueError("%s salt string must be at least %d characters" % (cls.name, mn)) mx = cls.max_salt_size if mx and salt_size > mx: if strict: raise ValueError("%s salt string must be at most %d characters" % (cls.name, mx)) salt_size = mx if cls._salt_is_bytes: if cls.salt_chars != ALL_BYTE_VALUES: raise NotImplementedError("raw salts w/ only certain bytes not supported") return getrandbytes(rng, salt_size) else: return getrandstr(rng, cls.default_salt_chars, salt_size)
def f(*a, **k): return getrandstr(rng, *a, **k)
def f(*a, **k): return utils.getrandstr(utils.rng, *a, **k)
def __next__(self): # XXX: could do things like optionally ensure certain character groups # (e.g. letters & punctuation) are included return getrandstr(self.rng, self.chars, self.length)
def reset_password(self): password = getrandstr(rng, digits + letters, 10) self.set_password(password) return password
def _calc_checksum(self, secret): # generate random suffix to match django's behavior return getrandstr(rng, BASE64_CHARS[:-2], self.suffix_length)
def f(*a,**k): return getrandstr(rng, *a, **k)
def f(*a,**k): return utils.getrandstr(utils.rng, *a, **k)
def generate_salt(cls, salt_size=None, strict=False): assert cls.min_salt_size == cls.max_salt_size == cls.default_salt_size == 22 if salt_size is not None and salt_size != 22: raise ValueError("bcrypt salts must be 22 characters in length") return getrandstr(rng, BCHARS, 21) + getrandstr(rng, BSLAST, 1)