mirror of https://github.com/django/django.git synced 2025-01-27 10:39:40 +00:00

Cleanup to use get_random_string consistently.

Removes several ad hoc implementations of get_random_string()
and removes an inappropriate use of settings.SECRET_KEY.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@17580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Paul McMillan 2012-02-23 21:39:12 +00:00
parent f2de5f4cab
commit 239e41f7c5
3 changed files with 18 additions and 30 deletions


@ -1,7 +1,4 @@
import base64 import base64
import hashlib
import os
import random
import time import time
from datetime import datetime, timedelta from datetime import datetime, timedelta
try: try:
@ -11,16 +8,11 @@ except ImportError:
from django.conf import settings from django.conf import settings
from django.core.exceptions import SuspiciousOperation from django.core.exceptions import SuspiciousOperation
from django.utils.crypto import constant_time_compare, salted_hmac from django.utils.crypto import constant_time_compare
from django.utils.crypto import get_random_string
from django.utils.crypto import salted_hmac
from django.utils import timezone from django.utils import timezone
# Use the system (hardware-based) random number generator if it exists.
if hasattr(random, 'SystemRandom'):
randrange = random.SystemRandom().randrange
else:
randrange = random.randrange
MAX_SESSION_KEY = 18446744073709551616L # 2 << 63
class CreateError(Exception): class CreateError(Exception):
""" """
Used internally as a consistent exception type to catch from save (see the Used internally as a consistent exception type to catch from save (see the
@ -138,17 +130,12 @@ class SessionBase(object):
def _get_new_session_key(self): def _get_new_session_key(self):
"Returns session key that isn't being used." "Returns session key that isn't being used."
# The random module is seeded when this Apache child is created. # Todo: move to 0-9a-z charset in 1.5
# Use settings.SECRET_KEY as added salt. hex_chars = '1234567890abcdef'
try: # session_key should not be case sensitive because some backends
pid = os.getpid() # can store it on case insensitive file systems.
except AttributeError:
# No getpid() in Jython, for example
pid = 1
while True: while True:
session_key = hashlib.md5("%s%s%s%s" session_key = get_random_string(32, hex_chars)
% (randrange(0, MAX_SESSION_KEY), pid, time.time(),
settings.SECRET_KEY)).hexdigest()
if not self.exists(session_key): if not self.exists(session_key):
break break
return session_key return session_key
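Review bot: The new comments in `_get_new_session_key` do not say how strong the key is, and the case-insensitivity explanation sits after the `hex_chars` line it justifies, with the Todo in between. I would put one comment above the assignment: `# 32 lowercase hex chars = 128 bits; lowercase only because some backends store the key on case-insensitive file systems.` The key's unpredictability now rests entirely on the generator behind get_random_string(), since the pid, time and SECRET_KEY inputs are gone, so the docstring should say that too.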


@ -1,7 +1,6 @@
from random import choice
from django.core.management.base import CommandError from django.core.management.base import CommandError
from django.core.management.templates import TemplateCommand from django.core.management.templates import TemplateCommand
from django.utils.crypto import get_random_string
from django.utils.importlib import import_module from django.utils.importlib import import_module
@ -27,6 +26,6 @@ class Command(TemplateCommand):
# Create a random SECRET_KEY hash to put it in the main settings. # Create a random SECRET_KEY hash to put it in the main settings.
chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
options['secret_key'] = ''.join([choice(chars) for i in range(50)]) options['secret_key'] = get_random_string(50, chars)
super(Command, self).handle('project', project_name, target, **options) super(Command, self).handle('project', project_name, target, **options)
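Review bot: The retained comment above `chars` still calls the value a "SECRET_KEY hash", but nothing is hashed; the line now draws 50 characters from a 50-character alphabet via get_random_string(). Suggested wording: `# Generate a random 50-character SECRET_KEY for the new project's settings.` The enclosing handle() method starts outside the hunk.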


@ -7,6 +7,13 @@ import struct
import hashlib import hashlib
import binascii import binascii
import operator import operator
import random
try:
random = random.SystemRandom()
except NotImplementedError:
pass
from django.conf import settings from django.conf import settings
@ -43,13 +50,8 @@ def get_random_string(length=12,
Returns a random string of length characters from the set of a-z, A-Z, 0-9. Returns a random string of length characters from the set of a-z, A-Z, 0-9.
The default length of 12 with the a-z, A-Z, 0-9 character set returns The default length of 12 with the a-z, A-Z, 0-9 character set returns
a 71-bit salt. log_2((26+26+10)^12) =~ 71 bits a 71-bit value. log_2((26+26+10)^12) =~ 71 bits
""" """
import random
try:
random = random.SystemRandom()
except NotImplementedError:
pass
return ''.join([random.choice(allowed_chars) for i in range(length)]) return ''.join([random.choice(allowed_chars) for i in range(length)])
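Review bot: The `except NotImplementedError: pass` branch added at module level falls back to the default Mersenne Twister generator without any signal, and after this commit that generator would also produce session keys and the generated SECRET_KEY through get_random_string(). The fallback should at least be visible, for example `import warnings` and `warnings.warn('A secure random number generator is not available; get_random_string() output is predictable.')` in the except branch. It is also worth confirming that constructing `random.SystemRandom()` raises at all on platforms without an OS randomness source. If the error only appears on first use, this try block never takes the fallback and the failure surfaces inside get_random_string() instead. The body of get_random_string() starts outside the second hunk.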