Mercurial > p > roundup > code
comparison roundup/cgi/actions.py @ 5488:52cb53eedf77
reworked random number use
prefer secrets module from Python 3.6+, random.SystemRandom and finally plain random
| author | Christof Meerwald <cmeerw@cmeerw.org> |
|---|---|
| date | Sat, 04 Aug 2018 22:40:16 +0100 |
| parents | b50a4c85c270 |
| children | 4f6e1ce89557 |
comparison
equal
deleted
inserted
replaced
| 5487:ce171c81d823 | 5488:52cb53eedf77 |
|---|---|
| 1 import re, cgi, time, random, csv, codecs | 1 import re, cgi, time, csv, codecs |
| 2 | 2 |
| 3 from roundup import hyperdb, token, date, password | 3 from roundup import hyperdb, token, date, password |
| 4 from roundup.actions import Action as BaseAction | 4 from roundup.actions import Action as BaseAction |
| 5 from roundup.i18n import _ | 5 from roundup.i18n import _ |
| 6 from roundup.cgi import exceptions, templating | 6 from roundup.cgi import exceptions, templating |
| 7 from roundup.mailgw import uidFromAddress | 7 from roundup.mailgw import uidFromAddress |
| 8 from roundup.exceptions import Reject, RejectRaw | 8 from roundup.exceptions import Reject, RejectRaw |
| 9 from roundup.anypy import urllib_ | 9 from roundup.anypy import urllib_ |
| 10 from roundup.anypy.strings import StringIO | 10 from roundup.anypy.strings import StringIO |
| 11 import roundup.anypy.random_ as random_ | |
| 11 | 12 |
| 12 # Also add action to client.py::Client.actions property | 13 # Also add action to client.py::Client.actions property |
| 13 __all__ = ['Action', 'ShowAction', 'RetireAction', 'RestoreAction', 'SearchAction', | 14 __all__ = ['Action', 'ShowAction', 'RetireAction', 'RestoreAction', 'SearchAction', |
| 14 'EditCSVAction', 'EditItemAction', 'PassResetAction', | 15 'EditCSVAction', 'EditItemAction', 'PassResetAction', |
| 15 'ConfRegoAction', 'RegisterAction', 'LoginAction', 'LogoutAction', | 16 'ConfRegoAction', 'RegisterAction', 'LoginAction', 'LogoutAction', |
| 961 self.client.add_error_message( | 962 self.client.add_error_message( |
| 962 self._('You need to specify a username or address')) | 963 self._('You need to specify a username or address')) |
| 963 return | 964 return |
| 964 | 965 |
| 965 # generate the one-time-key and store the props for later | 966 # generate the one-time-key and store the props for later |
| 966 otk = ''.join([random.choice(chars) for x in range(32)]) | 967 otk = ''.join([random_.choice(chars) for x in range(32)]) |
| 967 while otks.exists(otk): | 968 while otks.exists(otk): |
| 968 otk = ''.join([random.choice(chars) for x in range(32)]) | 969 otk = ''.join([random_.choice(chars) for x in range(32)]) |
| 969 otks.set(otk, uid=uid, uaddress=address) | 970 otks.set(otk, uid=uid, uaddress=address) |
| 970 otks.commit() | 971 otks.commit() |
| 971 | 972 |
| 972 # send the email | 973 # send the email |
| 973 tracker_name = self.db.config.TRACKER_NAME | 974 tracker_name = self.db.config.TRACKER_NAME |
| 1082 elif isinstance(proptype, hyperdb.Interval): | 1083 elif isinstance(proptype, hyperdb.Interval): |
| 1083 user_props[propname] = str(value) | 1084 user_props[propname] = str(value) |
| 1084 elif isinstance(proptype, hyperdb.Password): | 1085 elif isinstance(proptype, hyperdb.Password): |
| 1085 user_props[propname] = str(value) | 1086 user_props[propname] = str(value) |
| 1086 otks = self.db.getOTKManager() | 1087 otks = self.db.getOTKManager() |
| 1087 otk = ''.join([random.choice(chars) for x in range(32)]) | 1088 otk = ''.join([random_.choice(chars) for x in range(32)]) |
| 1088 while otks.exists(otk): | 1089 while otks.exists(otk): |
| 1089 otk = ''.join([random.choice(chars) for x in range(32)]) | 1090 otk = ''.join([random_.choice(chars) for x in range(32)]) |
| 1090 otks.set(otk, **user_props) | 1091 otks.set(otk, **user_props) |
| 1091 | 1092 |
| 1092 # send the email | 1093 # send the email |
| 1093 tracker_name = self.db.config.TRACKER_NAME | 1094 tracker_name = self.db.config.TRACKER_NAME |
| 1094 tracker_email = self.db.config.TRACKER_EMAIL | 1095 tracker_email = self.db.config.TRACKER_EMAIL |