mirror of
https://github.com/zulip/zulip.git
synced 2026-07-12 21:04:41 +08:00
Create accounts with passwords which are deterministic but hard to guess (from the outside)
(imported from commit 964610fec6c4690c1e881f2bab252296663c819a)
This commit is contained in:
parent
21ed4d2506
commit
cc8a14fcf8
@ -84,6 +84,9 @@ if deployed:
|
||||
SESSION_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SECURE = True
|
||||
|
||||
# Another salt, used just for generating initial passwords.
|
||||
INITIAL_PASSWORD_SALT = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
|
||||
|
||||
# A shared secret, used to authenticate different parts of the app to each other.
|
||||
# FIXME: store this password more securely
|
||||
SHARED_SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
|
||||
|
||||
12
zephyr/lib/initial_password.py
Normal file
12
zephyr/lib/initial_password.py
Normal file
@ -0,0 +1,12 @@
|
||||
from django.conf import settings
|
||||
|
||||
import hashlib
|
||||
import base64
|
||||
|
||||
def initial_password(email):
|
||||
|
||||
"""Given an email address, returns the initial password for that account, as
|
||||
created by populate_db."""
|
||||
|
||||
digest = hashlib.sha256(settings.INITIAL_PASSWORD_SALT + email).digest()
|
||||
return base64.b64encode(digest)[:16]
|
||||
@ -6,6 +6,7 @@ from zephyr.models import Message, UserProfile, Stream, Recipient, \
|
||||
Subscription, Huddle, get_huddle, Realm, UserMessage, get_user_profile_by_id, \
|
||||
create_user, do_send_message, create_user_if_needed, create_stream_if_needed
|
||||
from zephyr.lib.parallel import run_parallel
|
||||
from zephyr.lib.initial_password import initial_password
|
||||
from django.db import transaction
|
||||
from django.conf import settings
|
||||
from api import mit_subs_list
|
||||
@ -13,18 +14,16 @@ from api import mit_subs_list
|
||||
import simplejson
|
||||
import datetime
|
||||
import random
|
||||
import hashlib
|
||||
from optparse import make_option
|
||||
|
||||
def create_users(name_list):
|
||||
for name, email in name_list:
|
||||
(short_name, domain) = email.split("@")
|
||||
password = short_name
|
||||
if User.objects.filter(email=email):
|
||||
# We're trying to create the same user twice!
|
||||
raise
|
||||
realm = Realm.objects.get(domain=domain)
|
||||
create_user(email, password, realm, name, short_name)
|
||||
create_user(email, initial_password(email), realm, name, short_name)
|
||||
|
||||
def create_streams(stream_list, realm):
|
||||
for name in stream_list:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user