diff options
| author | Jeremy Kerr <jk@ozlabs.org> | 2008-09-11 16:42:26 +1000 |
|---|---|---|
| committer | Jeremy Kerr <jk@ozlabs.org> | 2008-09-11 16:42:26 +1000 |
| commit | a72679a9622db66e828e86377f29c9c0c6574d69 (patch) | |
| tree | cae300bb42b1806b09f28ae8251c5775778df760 | |
| parent | 0deabd4014cbc9419d203356786e966c4f803ea3 (diff) | |
| download | patchwork-a72679a9622db66e828e86377f29c9c0c6574d69.tar.bz2 patchwork-a72679a9622db66e828e86377f29c9c0c6574d69.tar.xz | |
Don't just rely on random for UserPersonConfirmation keys
It looks like we're getting identical keys generated for confirmation
keys. Problem has been reported to django, but in the meantime, salt
with the user and email details, then sha1 to give the final key.
This requires an increase in the field size for key, migration script
included.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| -rw-r--r-- | apps/patchwork/models.py | 59 | ||||
| -rw-r--r-- | lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql | 4 |
2 files changed, 34 insertions, 29 deletions
diff --git a/apps/patchwork/models.py b/apps/patchwork/models.py index 226a69c..e516be2 100644 --- a/apps/patchwork/models.py +++ b/apps/patchwork/models.py @@ -129,35 +129,6 @@ class UserProfile(models.Model): def __str__(self): return self.name() -def _confirm_key(): - allowedchars = string.ascii_lowercase + string.digits - str = '' - for i in range(1, 32): - str += random.choice(allowedchars) - return str; - -class UserPersonConfirmation(models.Model): - user = models.ForeignKey(User) - email = models.CharField(max_length = 200) - key = models.CharField(max_length = 32, default = _confirm_key) - date = models.DateTimeField(default=datetime.datetime.now) - active = models.BooleanField(default = True) - - def confirm(self): - if not self.active: - return - person = None - try: - person = Person.objects.get(email = self.email) - except Exception: - pass - if not person: - person = Person(email = self.email) - - person.link_to_user(self.user) - person.save() - self.active = False - class State(models.Model): name = models.CharField(max_length = 100) ordering = models.IntegerField(unique = True) @@ -316,3 +287,33 @@ class Bundle(models.Model): return '\n'.join([p.mbox().as_string(True) \ for p in self.patches.all()]) +class UserPersonConfirmation(models.Model): + user = models.ForeignKey(User) + email = models.CharField(max_length = 200) + key = HashField() + date = models.DateTimeField(default=datetime.datetime.now) + active = models.BooleanField(default = True) + + def confirm(self): + if not self.active: + return + person = None + try: + person = Person.objects.get(email = self.email) + except Exception: + pass + if not person: + person = Person(email = self.email) + + person.link_to_user(self.user) + person.save() + self.active = False + + def save(self): + max = 1 << 32 + if self.key == '': + str = '%s%s%d' % (self.user, self.email, random.randint(0, max)) + self.key = self._meta.get_field('key').construct(str).hexdigest() + super(UserPersonConfirmation, self).save() + + diff --git a/lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql b/lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql new file mode 100644 index 0000000..fa10fba --- /dev/null +++ b/lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql @@ -0,0 +1,4 @@ +BEGIN; +ALTER TABLE patchwork_userpersonconfirmation + ALTER COLUMN key TYPE char(40); +COMMIT; |