From cc8a14fcf885ce6b37cc2d2fe7c2baa42cc4ef65 Mon Sep 17 00:00:00 2001 From: Keegan McAllister Date: Wed, 10 Oct 2012 10:59:59 -0400 Subject: [PATCH] Create accounts with passwords which are deterministic but hard to guess (from the outside) (imported from commit 964610fec6c4690c1e881f2bab252296663c819a) --- humbug/settings.py | 3 +++ zephyr/lib/initial_password.py | 12 ++++++++++++ zephyr/management/commands/populate_db.py | 5 ++--- 3 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 zephyr/lib/initial_password.py diff --git a/humbug/settings.py b/humbug/settings.py index 8fd629062a..13474c10cf 100644 --- a/humbug/settings.py +++ b/humbug/settings.py @@ -84,6 +84,9 @@ if deployed: SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True +# Another salt, used just for generating initial passwords. +INITIAL_PASSWORD_SALT = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' + # A shared secret, used to authenticate different parts of the app to each other. # FIXME: store this password more securely SHARED_SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' diff --git a/zephyr/lib/initial_password.py b/zephyr/lib/initial_password.py new file mode 100644 index 0000000000..c2130b46d2 --- /dev/null +++ b/zephyr/lib/initial_password.py @@ -0,0 +1,12 @@ +from django.conf import settings + +import hashlib +import base64 + +def initial_password(email): + + """Given an email address, returns the initial password for that account, as + created by populate_db.""" + + digest = hashlib.sha256(settings.INITIAL_PASSWORD_SALT + email).digest() + return base64.b64encode(digest)[:16] diff --git a/zephyr/management/commands/populate_db.py b/zephyr/management/commands/populate_db.py index 87d9af65fe..8993a03d22 100644 --- a/zephyr/management/commands/populate_db.py +++ b/zephyr/management/commands/populate_db.py @@ -6,6 +6,7 @@ from zephyr.models import Message, UserProfile, Stream, Recipient, \ Subscription, Huddle, get_huddle, Realm, UserMessage, get_user_profile_by_id, \ create_user, do_send_message, create_user_if_needed, create_stream_if_needed from zephyr.lib.parallel import run_parallel +from zephyr.lib.initial_password import initial_password from django.db import transaction from django.conf import settings from api import mit_subs_list @@ -13,18 +14,16 @@ from api import mit_subs_list import simplejson import datetime import random -import hashlib from optparse import make_option def create_users(name_list): for name, email in name_list: (short_name, domain) = email.split("@") - password = short_name if User.objects.filter(email=email): # We're trying to create the same user twice! raise realm = Realm.objects.get(domain=domain) - create_user(email, password, realm, name, short_name) + create_user(email, initial_password(email), realm, name, short_name) def create_streams(stream_list, realm): for name in stream_list: