Cleanup to use get_random_string consistently.
Removes several ad hoc implementations of get_random_string() and removes an inappropriate use of settings.SECRET_KEY. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent
f2de5f4cab
commit
239e41f7c5
@ -1,7 +1,4 @@
|
|||||||
import base64
|
import base64
|
||||||
import hashlib
|
|
||||||
import os
|
|
||||||
import random
|
|
||||||
import time
|
import time
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
try:
|
try:
|
||||||
@ -11,16 +8,11 @@ except ImportError:
|
|||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core.exceptions import SuspiciousOperation
|
from django.core.exceptions import SuspiciousOperation
|
||||||
from django.utils.crypto import constant_time_compare, salted_hmac
|
from django.utils.crypto import constant_time_compare
|
||||||
|
from django.utils.crypto import get_random_string
|
||||||
|
from django.utils.crypto import salted_hmac
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
|
||||||
# Use the system (hardware-based) random number generator if it exists.
|
|
||||||
if hasattr(random, 'SystemRandom'):
|
|
||||||
randrange = random.SystemRandom().randrange
|
|
||||||
else:
|
|
||||||
randrange = random.randrange
|
|
||||||
MAX_SESSION_KEY = 18446744073709551616L # 2 << 63
|
|
||||||
|
|
||||||
class CreateError(Exception):
|
class CreateError(Exception):
|
||||||
"""
|
"""
|
||||||
Used internally as a consistent exception type to catch from save (see the
|
Used internally as a consistent exception type to catch from save (see the
|
||||||
@ -138,17 +130,12 @@ class SessionBase(object):
|
|||||||
|
|
||||||
def _get_new_session_key(self):
|
def _get_new_session_key(self):
|
||||||
"Returns session key that isn't being used."
|
"Returns session key that isn't being used."
|
||||||
# The random module is seeded when this Apache child is created.
|
# Todo: move to 0-9a-z charset in 1.5
|
||||||
# Use settings.SECRET_KEY as added salt.
|
hex_chars = '1234567890abcdef'
|
||||||
try:
|
# session_key should not be case sensitive because some backends
|
||||||
pid = os.getpid()
|
# can store it on case insensitive file systems.
|
||||||
except AttributeError:
|
|
||||||
# No getpid() in Jython, for example
|
|
||||||
pid = 1
|
|
||||||
while True:
|
while True:
|
||||||
session_key = hashlib.md5("%s%s%s%s"
|
session_key = get_random_string(32, hex_chars)
|
||||||
% (randrange(0, MAX_SESSION_KEY), pid, time.time(),
|
|
||||||
settings.SECRET_KEY)).hexdigest()
|
|
||||||
if not self.exists(session_key):
|
if not self.exists(session_key):
|
||||||
break
|
break
|
||||||
return session_key
|
return session_key
|
||||||
|
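Review bot: With the pid, `time.time()` and `settings.SECRET_KEY` inputs removed, `_get_new_session_key` now gets all of its unpredictability from `get_random_string(32, hex_chars)`, and nothing at the call site says so. The hunk that adds the module-level `SystemRandom` setup next to `get_random_string` keeps going with the plain `random` module on `except NotImplementedError: pass`, so on such a platform session keys, and the `options['secret_key']` value set in the `Command` hunk, would come from a non-cryptographic generator with no signal to the operator. I would add a comment above the call, `# Key strength depends on get_random_string() being backed by SystemRandom.`, and have the fallback branch warn instead of passing silently, for example `warnings.warn('A secure pseudo-random number generator is not available.')`. The method body is fully visible in this hunk; the rest of `SessionBase` is outside it.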
@ -1,7 +1,6 @@
|
|||||||
from random import choice
|
|
||||||
|
|
||||||
from django.core.management.base import CommandError
|
from django.core.management.base import CommandError
|
||||||
from django.core.management.templates import TemplateCommand
|
from django.core.management.templates import TemplateCommand
|
||||||
|
from django.utils.crypto import get_random_string
|
||||||
from django.utils.importlib import import_module
|
from django.utils.importlib import import_module
|
||||||
|
|
||||||
|
|
||||||
@ -27,6 +26,6 @@ class Command(TemplateCommand):
|
|||||||
|
|
||||||
# Create a random SECRET_KEY hash to put it in the main settings.
|
# Create a random SECRET_KEY hash to put it in the main settings.
|
||||||
chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
|
chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
|
||||||
options['secret_key'] = ''.join([choice(chars) for i in range(50)])
|
options['secret_key'] = get_random_string(50, chars)
|
||||||
|
|
||||||
super(Command, self).handle('project', project_name, target, **options)
|
super(Command, self).handle('project', project_name, target, **options)
|
||||||
|
@ -7,6 +7,13 @@ import struct
|
|||||||
import hashlib
|
import hashlib
|
||||||
import binascii
|
import binascii
|
||||||
import operator
|
import operator
|
||||||
|
|
||||||
|
import random
|
||||||
|
try:
|
||||||
|
random = random.SystemRandom()
|
||||||
|
except NotImplementedError:
|
||||||
|
pass
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
|
||||||
|
|
||||||
@ -43,13 +50,8 @@ def get_random_string(length=12,
|
|||||||
Returns a random string of length characters from the set of a-z, A-Z, 0-9.
|
Returns a random string of length characters from the set of a-z, A-Z, 0-9.
|
||||||
|
|
||||||
The default length of 12 with the a-z, A-Z, 0-9 character set returns
|
The default length of 12 with the a-z, A-Z, 0-9 character set returns
|
||||||
a 71-bit salt. log_2((26+26+10)^12) =~ 71 bits
|
a 71-bit value. log_2((26+26+10)^12) =~ 71 bits
|
||||||
"""
|
"""
|
||||||
import random
|
|
||||||
try:
|
|
||||||
random = random.SystemRandom()
|
|
||||||
except NotImplementedError:
|
|
||||||
pass
|
|
||||||
return ''.join([random.choice(allowed_chars) for i in range(length)])
|
return ''.join([random.choice(allowed_chars) for i in range(length)])
|
||||||
|
|
||||||
|
|
||||||
|
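Review bot: The module-level block `try: random = random.SystemRandom()` rebinds the name `random` from the stdlib module to an instance for the rest of the file, and it has no comment saying this is deliberate or what the `except NotImplementedError: pass` path leaves in place. I would add a comment above it such as `# Prefer the OS-backed generator; if it is unavailable, random stays the stdlib module and get_random_string() is not suitable for secrets.` As far as I can tell, constructing `SystemRandom` does not itself read from the OS source, so the `except` branch may never run and a missing source would surface at the first `random.choice` call instead; that is worth confirming. The signature and the start of the docstring of `get_random_string` lie outside the last hunk, so only the docstring tail and the return line are visible here.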