[MERGE] Forward port latest bugfixes from 7.0 up to b4de311

2015-07-29 13:54:37 +02:00 · 2015-07-29 13:54:37 +02:00 · cc5860fbcf
parent 5c7190c93f b4de311b0c
commit cc5860fbcf
5 changed files with 9 additions and 8 deletions
--- a/addons/auth_crypt/auth_crypt.py
+++ b/addons/auth_crypt/auth_crypt.py
@ -11,7 +11,7 @@
 import hashlib
 import hmac
 import logging
-from random import sample
+import random
 from string import ascii_letters, digits

 import openerp
@ -22,12 +22,13 @@ _logger = logging.getLogger(__name__)
 magic_md5 = '$1$'
 magic_sha256 = '$5$'

-openerp.addons.base.res.res_users.USER_PRIVATE_FIELDS.append('password_crypt')
+from openerp.addons.base.res import res_users
+res_users.USER_PRIVATE_FIELDS.append('password_crypt')

 def gen_salt(length=8, symbols=None):
    if symbols is None:
        symbols = ascii_letters + digits
-    return ''.join(sample(symbols, length))
+    return ''.join(random.SystemRandom().sample(symbols, length))

 def md5crypt( raw_pw, salt, magic=magic_md5 ):
    """ md5crypt FreeBSD crypt(3) based on but different from md5
--- a/addons/auth_signup/res_users.py
+++ b/addons/auth_signup/res_users.py
@ -35,7 +35,7 @@ class SignupError(Exception):
 def random_token():
    # the token has an entropy of about 120 bits (6 bits/char * 20 chars)
    chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
-    return ''.join(random.choice(chars) for i in xrange(20))
+    return ''.join(random.SystemRandom().choice(chars) for i in xrange(20))

 def now(**kwargs):
    dt = datetime.now() + timedelta(**kwargs)
--- a/addons/pad/pad.py
+++ b/addons/pad/pad.py
@ -35,7 +35,7 @@ class pad_common(osv.osv_memory):
        pad["server"] = pad["server"].rstrip('/')
        # generate a salt
        s = string.ascii_uppercase + string.digits
-        salt = ''.join([s[random.randint(0, len(s) - 1)] for i in range(10)])
+        salt = ''.join([s[random.SystemRandom().randint(0, len(s) - 1)] for i in range(10)])
        #path
        # etherpad hardcodes pad id length limit to 50
        path = '-%s-%s' % (self._name, salt)
--- a/addons/share/wizard/share_wizard.py
+++ b/addons/share/wizard/share_wizard.py
@ -46,7 +46,7 @@ DOMAIN_ALL = [(1, '=', 1)]
 # A good selection of easy to read password characters (e.g. no '0' vs 'O', etc.)
 RANDOM_PASS_CHARACTERS = 'aaaabcdeeeefghjkmnpqrstuvwxyzAAAABCDEEEEFGHJKLMNPQRSTUVWXYZ23456789'
 def generate_random_pass():
-    return ''.join(random.sample(RANDOM_PASS_CHARACTERS,10))
+    return ''.join(random.SystemRandom().sample(RANDOM_PASS_CHARACTERS,10))

 class share_wizard(osv.TransientModel):
    _name = 'share.wizard'
--- a/addons/survey/wizard/survey_send_invitation.py
+++ b/addons/survey/wizard/survey_send_invitation.py
@ -20,7 +20,7 @@
 ##############################################################################

 import time
-from random import choice
+import random
 import string
 import os
 import datetime
@ -53,7 +53,7 @@ class survey_send_invitation(osv.osv_memory):

    def genpasswd(self):
        chars = string.letters + string.digits
-        return ''.join([choice(chars) for i in range(6)])
+        return ''.join([random.SystemRandom().choice(chars) for i in range(6)])

    def default_get(self, cr, uid, fields_list, context=None):
        if context is None: