[FIX] auth_signup, event_moodle, pad, share, survey: use system random number generator
Switch to system random as number generator instead of the default PRNG, which is not recommended for generating security-related values such as unique tokens. Closes #7761
parent
52edf789c2
commit
93f5f86afd
|
@ -34,7 +34,7 @@ class SignupError(Exception):
|
|||
def random_token():
|
||||
# the token has an entropy of about 120 bits (6 bits/char * 20 chars)
|
||||
chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
|
||||
return ''.join(random.choice(chars) for i in xrange(20))
|
||||
return ''.join(random.SystemRandom().choice(chars) for i in xrange(20))
|
||||
|
||||
def now(**kwargs):
|
||||
dt = datetime.now() + timedelta(**kwargs)
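Review bot: `random_token()` constructs a new `random.SystemRandom()` for each of the 20 characters, and the same per-call construction appears in the event_moodle, pad, share and survey changes of this commit. Every instance reads from the same OS source, so this is not a weakness, but one module-level instance is clearer and keeps the security intent in one place: `_rng = random.SystemRandom()` and then `return ''.join(_rng.choice(chars) for i in xrange(20))`. The comment's "6 bits/char" is also slightly generous for a 62-character alphabet (about 5.95 bits per character, roughly 119 bits in total), which is worth stating exactly now that the generator actually delivers it.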
|
||||
|
|
|
@ -24,7 +24,6 @@ import xmlrpclib
|
|||
import string
|
||||
import time
|
||||
import random
|
||||
from random import sample
|
||||
from openerp.tools.translate import _
|
||||
|
||||
class event_moodle(osv.osv):
|
||||
|
@ -123,7 +122,7 @@ class event_moodle(osv.osv):
|
|||
"""
|
||||
rand = string.ascii_letters + string.digits
|
||||
length = 8
|
||||
passwd = ''.join(sample(rand, length))
|
||||
passwd = ''.join(random.SystemRandom().sample(rand, length))
|
||||
passwd = passwd + '+'
|
||||
return passwd
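Review bot: `sample(rand, length)` draws without replacement, so the generated password can never repeat a character, and switching to `SystemRandom` does not change that; `generate_random_pass()` in the share change has the same pattern. With 62 symbols and a length of 8 this leaves roughly 47 bits, and the constant `'+'` suffix adds none. Drawing each character independently is the usual form, `rng = random.SystemRandom()` followed by `passwd = ''.join(rng.choice(rand) for i in range(length))`, ideally with a larger `length`. The enclosing method begins outside the hunk, so how the password is stored or sent afterwards is not visible here.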
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ class pad_common(osv.osv_memory):
|
|||
pad["server"] = pad["server"].rstrip('/')
|
||||
# generate a salt
|
||||
s = string.ascii_uppercase + string.digits
|
||||
salt = ''.join([s[random.randint(0, len(s) - 1)] for i in range(10)])
|
||||
salt = ''.join([s[random.SystemRandom().randint(0, len(s) - 1)] for i in range(10)])
|
||||
#path
|
||||
# etherpad hardcodes pad id length limit to 50
|
||||
path = '-%s-%s' % (self._name, salt)
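Review bot: The salt line indexes `s` with `randint(0, len(s) - 1)`, which is a hand-written `choice`; `salt = ''.join(rng.choice(s) for i in range(10))` with a single `rng = random.SystemRandom()` says the same thing and removes the bounds arithmetic. Ten characters from a 36-symbol alphabet give about 52 bits. If the resulting pad path is the only thing protecting the pad's contents (not visible in this hunk), a longer salt may still fit under the 50-character limit the comment mentions, depending on the length of `self._name`. The enclosing method starts and ends outside the hunk.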
|
||||
|
|
|
@ -47,7 +47,7 @@ DOMAIN_ALL = [(1, '=', 1)]
|
|||
# A good selection of easy to read password characters (e.g. no '0' vs 'O', etc.)
|
||||
RANDOM_PASS_CHARACTERS = 'aaaabcdeeeefghjkmnpqrstuvwxyzAAAABCDEEEEFGHJKLMNPQRSTUVWXYZ23456789'
|
||||
def generate_random_pass():
|
||||
return ''.join(random.sample(RANDOM_PASS_CHARACTERS,10))
|
||||
return ''.join(random.SystemRandom().sample(RANDOM_PASS_CHARACTERS,10))
|
||||
|
||||
class share_wizard(osv.TransientModel):
|
||||
_name = 'share.wizard'
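Review bot: The comment above `RANDOM_PASS_CHARACTERS` explains the omitted look-alike characters but not the repeated `a`, `e`, `A` and `E`, which matters more now that the string feeds a security-grade generator. Because `sample()` picks positions in the string, the repeats weight those letters and cap each at four occurrences per password, so the output is not uniform over the visible alphabet. If the weighting is intended, I would document it with something like `# a/e/A/E are repeated to weight them; this lowers the entropy per character`; if it is not, deduplicate the string.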
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
##############################################################################
|
||||
|
||||
import time
|
||||
from random import choice
|
||||
import random
|
||||
import string
|
||||
import os
|
||||
import datetime
|
||||
|
@ -51,7 +51,7 @@ class survey_send_invitation(osv.osv_memory):
|
|||
|
||||
def genpasswd(self):
|
||||
chars = string.letters + string.digits
|
||||
return ''.join([choice(chars) for i in range(6)])
|
||||
return ''.join([random.SystemRandom().choice(chars) for i in range(6)])
|
||||
|
||||
def default_get(self, cr, uid, fields_list, context=None):
|
||||
if context is None:
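Review bot: `genpasswd()` still returns only six characters, about 36 bits from a 62-symbol alphabet, so the stronger generator alone does not make these survey passwords hard to guess. `string.letters` is also locale-dependent on Python 2, so the alphabet can vary with the server's locale; `chars = string.ascii_letters + string.digits` pins it. I would raise the length as well, for example `return ''.join([rng.choice(chars) for i in range(12)])` with `rng = random.SystemRandom()` created once.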
|
||||
|
|