mirror of
https://github.com/janeczku/calibre-web
synced 2024-10-31 15:16:20 +00:00
new random password generation algorithm to ensure compliance with password rules
bugfix opds login limit
This commit is contained in:
parent
73ea18b8ce
commit
89bc72958e
16
cps/admin.py
16
cps/admin.py
@ -1961,12 +1961,6 @@ def _handle_edit_user(to_save, content, languages, translations, kobo_support):
|
||||
log.warning("No admin user remaining, can't remove admin role from {}".format(content.name))
|
||||
flash(_("No admin user remaining, can't remove admin role"), category="error")
|
||||
return redirect(url_for('admin.admin'))
|
||||
anonymous = content.is_anonymous
|
||||
content.role = constants.selected_roles(to_save)
|
||||
if anonymous:
|
||||
content.role |= constants.ROLE_ANONYMOUS
|
||||
else:
|
||||
content.role &= ~constants.ROLE_ANONYMOUS
|
||||
|
||||
val = [int(k[5:]) for k in to_save if k.startswith('show_')]
|
||||
sidebar, __ = get_sidebar_config()
|
||||
@ -1994,6 +1988,15 @@ def _handle_edit_user(to_save, content, languages, translations, kobo_support):
|
||||
if to_save.get("locale"):
|
||||
content.locale = to_save["locale"]
|
||||
try:
|
||||
anonymous = content.is_anonymous
|
||||
content.role = constants.selected_roles(to_save)
|
||||
if anonymous:
|
||||
content.role |= constants.ROLE_ANONYMOUS
|
||||
else:
|
||||
content.role &= ~constants.ROLE_ANONYMOUS
|
||||
if to_save.get("password", ""):
|
||||
content.password = generate_password_hash(helper.valid_password(to_save.get["password"]))
|
||||
|
||||
new_email = valid_email(to_save.get("email", content.email))
|
||||
if not new_email:
|
||||
raise Exception(_("Email can't be empty and has to be a valid Email"))
|
||||
@ -2006,7 +2009,6 @@ def _handle_edit_user(to_save, content, languages, translations, kobo_support):
|
||||
content.name = check_username(to_save["name"])
|
||||
if to_save.get("kindle_mail") != content.kindle_mail:
|
||||
content.kindle_mail = valid_email(to_save["kindle_mail"]) if to_save["kindle_mail"] else ""
|
||||
content.password = generate_password_hash(helper.valid_password(to_save.get("password", "")))
|
||||
except Exception as ex:
|
||||
log.error(ex)
|
||||
flash(str(ex), category="error")
|
||||
|
@ -18,6 +18,7 @@
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import os
|
||||
import random
|
||||
import io
|
||||
import mimetypes
|
||||
import re
|
||||
@ -621,11 +622,35 @@ def reset_password(user_id):
|
||||
ub.session.rollback()
|
||||
return 0, None
|
||||
|
||||
|
||||
def generate_random_password(min_length):
|
||||
min_length = max(8, min_length) - 4
|
||||
random_source = "abcdefghijklmnopqrstuvwxyz01234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%&*()?"
|
||||
# select 1 lowercase
|
||||
s = "abcdefghijklmnopqrstuvwxyz"
|
||||
password = [s[c % len(s)] for c in os.urandom(1)]
|
||||
# select 1 uppercase
|
||||
s = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||||
password.extend([s[c % len(s)] for c in os.urandom(1)])
|
||||
# select 1 digit
|
||||
s = "01234567890"
|
||||
password.extend([s[c % len(s)] for c in os.urandom(1)])
|
||||
# select 1 special symbol
|
||||
s = "!@#$%&*()?"
|
||||
password.extend([s[c % len(s)] for c in os.urandom(1)])
|
||||
|
||||
# generate other characters
|
||||
password.extend([random_source[c % len(random_source)] for c in os.urandom(min_length)])
|
||||
|
||||
# password_list = list(password)
|
||||
# shuffle all characters
|
||||
random.SystemRandom().shuffle(password)
|
||||
return ''.join(password)
|
||||
|
||||
|
||||
'''def generate_random_password(min_length):
|
||||
s = "abcdefghijklmnopqrstuvwxyz01234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%&*()?"
|
||||
passlen = min_length
|
||||
return "".join(s[c % len(s)] for c in os.urandom(passlen))
|
||||
return "".join(s[c % len(s)] for c in os.urandom(passlen))'''
|
||||
|
||||
|
||||
def uniq(inpt):
|
||||
|
@ -52,6 +52,7 @@ def requires_basic_auth_if_no_ano(f):
|
||||
login_result, error = services.ldap.bind_user(auth.username, auth.password)
|
||||
if login_result:
|
||||
user = _fetch_user_by_name(auth.username)
|
||||
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
|
||||
login_user(user)
|
||||
return f(*args, **kwargs)
|
||||
elif login_result is not None:
|
||||
@ -68,6 +69,7 @@ def _load_user_from_auth_header(username, password):
|
||||
limiter.check()
|
||||
user = _fetch_user_by_name(username)
|
||||
if bool(user and check_password_hash(str(user.password), password)) and user.name != "Guest":
|
||||
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
|
||||
login_user(user)
|
||||
return user
|
||||
else:
|
||||
@ -102,6 +104,7 @@ def load_user_from_reverse_proxy_header(req):
|
||||
if rp_header_username:
|
||||
user = _fetch_user_by_name(rp_header_username)
|
||||
if user:
|
||||
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
|
||||
login_user(user)
|
||||
return user
|
||||
return None
|
||||
|
@ -1256,7 +1256,7 @@ def register_post():
|
||||
content.name = nickname
|
||||
content.email = email
|
||||
password = generate_random_password(config.config_password_min_length)
|
||||
content.password = generate_password_hash(valid_password(password))
|
||||
content.password = generate_password_hash(password)
|
||||
content.role = config.config_default_role
|
||||
content.locale = config.config_default_locale
|
||||
content.sidebar_view = config.config_default_show
|
||||
|
Loading…
Reference in New Issue
Block a user