0001-misc-use-SystemRandom-to-generate-passwords-43154.patch
src/authentic2/passwords.py | ||
---|---|---|
43 | 43 |
min_class_count = max(app_settings.A2_PASSWORD_POLICY_MIN_CLASSES, 3) |
44 | 44 |
new_password = [] |
45 | 45 | |
46 |
generator = random.SystemRandom() |
|
46 | 47 |
while len(new_password) < min_len: |
47 | 48 |
for cls in (digits, lower, upper, punc)[:min_class_count]: |
48 |
new_password.append(random.choice(cls))
|
|
49 |
random.shuffle(new_password)
|
|
49 |
new_password.append(generator.choice(cls))
|
|
50 |
generator.shuffle(new_password)
|
|
50 | 51 |
return ''.join(new_password) |
51 | 52 | |
52 | 53 |
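Review bot: The loop on new lines 47–49 still appends exactly one character from each class per pass, so every generated password has a fixed composition (the same number of digits, lowercase, uppercase and, when enabled, punctuation characters) and `generator.shuffle` only reorders them; the search space is smaller than the length suggests even with the OS-backed generator. Consider guaranteeing one character per required class and drawing the remaining positions from the combined alphabet, as sketched below; the length would then be exactly `min_len`, which the new test's `>=` assertion still accepts. The function starts above the hunk, so `min_len` and the class strings are assumed to be defined as the visible lines use them. A short comment next to `generator = random.SystemRandom()` saying that the module-level `random` functions are not suitable for secrets would also keep a later cleanup from reverting the fix.

```python
    # module-level random.* is a seeded PRNG; secrets need the OS-backed source
    generator = random.SystemRandom()
    classes = (digits, lower, upper, punc)[:min_class_count]
    # one character per required class, then fill from the whole alphabet
    new_password = [generator.choice(cls) for cls in classes]
    alphabet = ''.join(classes)
    while len(new_password) < min_len:
        new_password.append(generator.choice(alphabet))
    generator.shuffle(new_password)
    # … unchanged: return ''.join(new_password) …
```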
tests/test_passwords.py | ||
---|---|---|
1 |
# authentic2 - versatile identity manager |
|
2 |
# Copyright (C) 2010-2019 Entr'ouvert |
|
3 |
# |
|
4 |
# This program is free software: you can redistribute it and/or modify it |
|
5 |
# under the terms of the GNU Affero General Public License as published |
|
6 |
# by the Free Software Foundation, either version 3 of the License, or |
|
7 |
# (at your option) any later version. |
|
8 |
# |
|
9 |
# This program is distributed in the hope that it will be useful, |
|
10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 |
# GNU Affero General Public License for more details. |
|
13 |
# |
|
14 |
# You should have received a copy of the GNU Affero General Public License |
|
15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
16 | ||
17 |
from __future__ import unicode_literals |
|
18 | ||
19 |
import string |
|
20 | ||
21 |
from authentic2 import app_settings |
|
22 |
from authentic2.passwords import generate_password |
|
23 | ||
24 | ||
25 |
def test_generate_password(): |
|
26 |
passwords = set(generate_password() for i in range(10)) |
|
27 | ||
28 |
char_classes = [string.digits, string.lowercase, string.uppercase, string.punctuation] |
|
29 |
assert len(passwords) == 10 |
|
30 |
for password in passwords: |
|
31 |
assert len(password) >= max(app_settings.A2_PASSWORD_POLICY_MIN_LENGTH, 8) |
|
32 |
assert (sum(any(char in char_class for char in password) for char_class in char_classes) |
|
33 |
== max(app_settings.A2_PASSWORD_POLICY_MIN_CLASSES, 3)) |
|
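Review bot: `test_generate_password` passes just as well against the old `random.choice` code, since ten distinct passwords with the right length and classes say nothing about which generator produced them, so it does not guard the change this commit makes. One way to pin it is to take pytest's `monkeypatch` fixture and, before calling `generate_password()`, replace the module-level `random.choice` and `random.shuffle` with a function that raises. Separately, `string.lowercase` and `string.uppercase` on line 28 exist only on Python 2 and are locale-dependent there; `string.ascii_lowercase` and `string.ascii_uppercase` work on both and presumably match the classes `generate_password` draws from (their definitions are outside this page).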
0 |
- |