0001-misc-use-SystemRandom-to-generate-passwords-43154.patch

Benjamin Dauvergne, 20 mai 2020 14:12


Subject: [PATCH] misc: use SystemRandom to generate passwords (#43154)

 src/authentic2/passwords.py |  5 +++--
 tests/test_passwords.py     | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 tests/test_passwords.py
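--- a/src/authentic2/passwords.py
+++ b/src/authentic2/passwords.py
@@ -43,10 +43,11 @@
     min_class_count = max(app_settings.A2_PASSWORD_POLICY_MIN_CLASSES, 3)
     new_password = []
 
+    generator = random.SystemRandom()
     while len(new_password) < min_len:
         for cls in (digits, lower, upper, punc)[:min_class_count]:
-            new_password.append(random.choice(cls))
-    random.shuffle(new_password)
+            new_password.append(generator.choice(cls))
+    generator.shuffle(new_password)
     return ''.join(new_password)
 
 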
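Review bot: The new `generator = random.SystemRandom()` line has no comment saying why the module-level functions are avoided, so a later cleanup could fold it back into `random.choice` without anyone noticing the security regression. I would add above it `# SystemRandom reads from os.urandom(); the module-level random functions use a seedable Mersenne Twister and must not produce passwords`. The function's signature and the definitions of `min_len`, `digits`, `lower`, `upper` and `punc` lie outside the hunk, so the alphabet and the length policy cannot be checked from here.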

  
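--- /dev/null
+++ b/tests/test_passwords.py
@@ -0,0 +1,33 @@
+# authentic2 - versatile identity manager
+# Copyright (C) 2010-2019 Entr'ouvert
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import unicode_literals
+
+import string
+
+from authentic2 import app_settings
+from authentic2.passwords import generate_password
+
+
+def test_generate_password():
+    passwords = set(generate_password() for i in range(10))
+
+    char_classes = [string.digits, string.lowercase, string.uppercase, string.punctuation]
+    assert len(passwords) == 10
+    for password in passwords:
+        assert len(password) >= max(app_settings.A2_PASSWORD_POLICY_MIN_LENGTH, 8)
+        assert (sum(any(char in char_class for char in password) for char_class in char_classes)
+                == max(app_settings.A2_PASSWORD_POLICY_MIN_CLASSES, 3))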
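Review bot: `test_generate_password` would pass unchanged against the old `random.choice` implementation, so nothing in this file pins the switch to `SystemRandom`. A second test that reseeds the module-level generator before each of two calls and asserts that the passwords differ would fail if the change were reverted; it needs `import random` in this file. Separately, `string.lowercase` and `string.uppercase` on the `char_classes` line exist only on Python 2 and are locale-dependent there. `string.ascii_lowercase` and `string.ascii_uppercase` are the portable names, assuming `passwords.py` draws from ASCII classes, which this page does not show.

```python
def test_generate_password_ignores_seed():
    # A seeded module-level PRNG must not make the output reproducible.
    random.seed(0)
    first = generate_password()
    random.seed(0)
    assert generate_password() != first
```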