authoralice <alice@immerda.ch>2012-08-31 17:09:34 +0200
committeralice <alice@immerda.ch>2012-10-19 15:20:06 +0200
commitbaa9293f66acdd858ef8e3ce3d2d31b9e859644e (patch)
treec026e8766dcc94e144bfb7c8803ff3e6af460941 /py-bin
parentdff6e7353195a13da73fa1e864dd186ad99bb060 (diff)
use the secure-enough os.urandom for token generation
Diffstat (limited to 'py-bin')
-rw-r--r--py-bin/jabberman.py16
1 files changed, 2 insertions, 14 deletions
diff --git a/py-bin/jabberman.py b/py-bin/jabberman.py
index bec3731..8dcacc4 100644
--- a/py-bin/jabberman.py
+++ b/py-bin/jabberman.py
@@ -1,6 +1,6 @@
#jabber manager
-import sqlite3, atexit, bcrypt, sha, hmac, random, os, time, re, logging, datetime, string
+import sqlite3, atexit, bcrypt, sha, hmac, random, os, struct, time, re, logging, datetime, string
import config
# FIXME: error handling (especially sqlite)
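Review bot: The import line still pulls in `random` even though both uses visible in this commit (the removed `JabberUser.generate_token` and the old `generate_web_user` token line) are gone. If nothing outside these hunks still calls it, drop `random` from the import so the non-cryptographic generator is no longer at hand for security-relevant values. `hmac` and `sha` look to be in the same position after the removal of `generate_token`, but the rest of the file is not visible here, so check for remaining uses before removing them.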
@@ -16,11 +16,6 @@ class JabberUser:
def get_jabber_id(self):
return self.jid
- @staticmethod
- def generate_token():
- data = str(random.getrandbits(256)) + str(time.time()*1000) + str(os.getpid())
- return "+" + hmac.new(config.the_secret, data, sha).hexdigest()
-
def set_token(self, token):
self.token = token
@@ -51,12 +46,6 @@ class JabberDB:
return user
return None
- def generate_token(self, user_id):
- if self.get_web_user(user_id):
- return (False, "Benutzer existiert bereits!")
-
- return (True, JabberUser.generate_token())
-
def prepare_user(self, user_id):
if self.get_web_user(user_id):
return (False, "Benutzer existiert bereits!")
@@ -121,7 +110,7 @@ class JabberDB:
return (True, "Passwort geaendert.")
def generate_web_user(self, email):
- token = str(random.getrandbits(60))
+ token = ''.join(map(lambda x: "%02x" % x, struct.unpack("32B",os.urandom(32))))
token_date = datetime.datetime.utcnow()
cur = self.__connection.cursor()
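Review bot: The new token line in `generate_web_user` hex-encodes the random bytes through `struct.unpack`, a `lambda` and `map`, which hides a simple operation and is the only reason `struct` is imported. Since the file is Python 2 (it imports `sha`), `token = os.urandom(32).encode('hex')` yields the same 64-character string, as does `binascii.hexlify(os.urandom(32))` with `import binascii`. A short comment such as `# 256-bit token from the OS CSPRNG, hex-encoded (64 chars)` would record the intended strength. The token grows from at most 19 decimal digits to 64 hex characters, so any length or pattern check applied to it elsewhere (not visible in this hunk) should be confirmed to accept the new format. The body of `generate_web_user` continues outside the hunk.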
@@ -207,7 +196,6 @@ class JabberDB:
cur.execute("SELECT * FROM jabber_users where web_user_id=?", (web_user_id,))
rows = cur.fetchall()
- # @ng: CAUTION, this now returns JabberUser instances, not raw rows
return map(lambda row: JabberUser(row[0],row[1],row[2],row[3]), rows)
def select_web_users(self):