Merge branch 'add_base64' into 'master'

remove sensitive chars from passwords - refs #31 See merge request !1

Merge branch 'add_base64' into 'master'
remove sensitive chars from passwords - refs #31 See merge request !1
7233c6f1 · torgiren · 785114dc · a1bd9159 · 7233c6f1
Commit 7233c6f1 authored 3 years ago by torgiren
Hide whitespace changes
Inline Side-by-side

Showing

with 4 additions and 1 deletion
+4 -1
--- a/app/passworder.py
+++ b/app/passworder.py
@@ -12,7 +12,7 @@ def generate_name(name, namespace):
    return "password-{name}-from-{namespace}".format(name=name, namespace=namespace)

 def generate_password(length):
-    symbols = string.digits + string.ascii_letters + string.punctuation
+    symbols = string.digits + string.ascii_letters + "%+-,.;:<=>@^_"
    password = "".join(random.SystemRandom().choice(symbols) for i in range(length))
    return password

@@ -30,6 +30,9 @@ def base(data):

 def generate_crypt(password, method, logger):
    crypt_name = method + "_crypt" 
+    if crypt_name == "base64_crypt":
+        logger.debug("using base64")
+        return base(base(password))
    try:
        logger.debug("looking for passlib.hash.{crypt_name}".format(crypt_name=crypt_name))
        crypt_fn = getattr(passlib.hash, crypt_name).hash