From 38e081df04ac95b6d3ea4a6843f98c8bd6bdd216 Mon Sep 17 00:00:00 2001
From: Mo8it
Date: Sun, 29 May 2022 19:03:54 +0200
Subject: [PATCH] Set minimum password length
---
 advlabdb/__init__.py | 11 ++++++-----
 advlabdb/adminModelViews.py | 3 ++-
 advlabdb/advlabdb_independent_funs.py | 7 -------
 advlabdb/assistantModelViews.py | 3 ++-
 advlabdb/model_independent_funs.py | 10 +++++++++-
 advlabdb/scripts/maintain/reset_admin_password.py | 2 +-
 advlabdb/scripts/setup/init_database.py | 2 +-
 7 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/advlabdb/__init__.py b/advlabdb/__init__.py
index 5b713e4..f993555 100644
--- a/advlabdb/__init__.py
+++ b/advlabdb/__init__.py
@@ -20,14 +20,9 @@ load_dotenv(".env")
 app = Flask(__name__)
-app.config["SECURITY_EMAIL_VALIDATOR_ARGS"] = {
- "check_deliverability": parse_bool(environ["CHECK_EMAIL_DELIVERABILITY"])
-}
-
 set_from_env(app, "SERVER_NAME")
 set_from_env(app, "SECRET_KEY")
-set_from_env(app, "SECURITY_PASSWORD_SALT")
 app.config["SQLALCHEMY_DATABASE_URI"] = f"sqlite:///../{environ['RELATIVE_DB_DIR']}/advlab.db"
 makedirs(environ["RELATIVE_DB_DIR"], exist_ok=True)
@@ -67,6 +62,12 @@ from . import models
 user_datastore = SQLAlchemyUserDatastore(db, models.User, models.Role)
 Security(app, user_datastore)
+app.config["SECURITY_EMAIL_VALIDATOR_ARGS"] = {
+ "check_deliverability": parse_bool(environ["CHECK_EMAIL_DELIVERABILITY"])
+}
+set_from_env(app, "SECURITY_PASSWORD_SALT")
+app.config["SECURITY_PASSWORD_LENGTH_MIN"] = 15
+
 try:
 from . import routes, adminModelViews, assistantModelViews
 except Exception as ex:
diff --git a/advlabdb/adminModelViews.py b/advlabdb/adminModelViews.py
index 623fd19..b3fe8fb 100644
--- a/advlabdb/adminModelViews.py
+++ b/advlabdb/adminModelViews.py
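Review bot: In the second hunk of `advlabdb/__init__.py`, the `SECURITY_EMAIL_VALIDATOR_ARGS`, `SECURITY_PASSWORD_SALT` and new `SECURITY_PASSWORD_LENGTH_MIN` settings are assigned only after `Security(app, user_datastore)` has already run. Any option the extension reads or copies while it initialises would not see these values; which options are looked up lazily depends on the installed Flask-Security version, so this order should be checked against it rather than assumed. Unless the move is required, keep the three assignments above the `Security(...)` call and mark them with a comment such as `# Flask-Security settings: keep above Security(app, ...)`. The literal `15` would also read better as a named module-level constant with a one-line comment explaining the chosen minimum.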
@@ -31,7 +31,7 @@ from wtforms.validators import URL, DataRequired, Email, NumberRange, Optional
 from wtforms.widgets import NumberInput
 from . import adminSpace, app, assistantSpace, db, user_datastore
-from .advlabdb_independent_funs import flashRandomPassword, randomPassword
+from .advlabdb_independent_funs import flashRandomPassword
 from .configUtils import getConfig
 from .customClasses import (
 CustomIdEndpointLinkRowAction,
@@ -46,6 +46,7 @@ from .model_dependent_funs import (
 setUserActiveSemester,
 sortedSemestersStartingWithNewest,
 )
+from .model_independent_funs import randomPassword
 from .models import (
 MAX_MARK,
 MAX_YEAR,
diff --git a/advlabdb/advlabdb_independent_funs.py b/advlabdb/advlabdb_independent_funs.py
index 66a3a9c..bc16d3f 100644
--- a/advlabdb/advlabdb_independent_funs.py
+++ b/advlabdb/advlabdb_independent_funs.py
@@ -1,15 +1,8 @@
 # Functions not dependent on advlabdb
-from random import choice
-from string import ascii_letters, digits
-
 from flask import flash
-def randomPassword():
- return "".join(choice(ascii_letters + digits) for i in range(15))
-
-
 def flashRandomPassword(password):
 flash(f"Random password: {password}", category="warning")
diff --git a/advlabdb/assistantModelViews.py b/advlabdb/assistantModelViews.py
index 325ecfa..17975db 100644
--- a/advlabdb/assistantModelViews.py
+++ b/advlabdb/assistantModelViews.py
@@ -8,10 +8,11 @@ from wtforms.fields import DateField
 from wtforms.validators import NumberRange, Optional
 from . import assistantSpace, db
-from .advlabdb_independent_funs import flashRandomPassword, randomPassword
+from .advlabdb_independent_funs import flashRandomPassword
 from .customClasses import SecureAssistantBaseView, SecureAssistantModelView
 from .exceptions import DataBaseException, ModelViewException
 from .model_dependent_funs import initActiveSemesterMenuLinks
+from .model_independent_funs import randomPassword
 from .models import (
 MAX_MARK,
 MIN_MARK,
diff --git a/advlabdb/model_independent_funs.py b/advlabdb/model_independent_funs.py
index a229f29..68eb766 100644
--- a/advlabdb/model_independent_funs.py
+++ b/advlabdb/model_independent_funs.py
@@ -1,8 +1,16 @@
 # Functions not dependent on advlabdb.models
+from random import choice
+from string import ascii_letters, digits
+
 from sqlalchemy import func, select
-from . import db
+from . import app, db
+
+
+def randomPassword():
+ password_length = app.config["SECURITY_PASSWORD_LENGTH_MIN"]
+ return "".join(choice(ascii_letters + digits) for i in range(password_length))
 def reportBadAttempt(message):
diff --git a/advlabdb/scripts/maintain/reset_admin_password.py b/advlabdb/scripts/maintain/reset_admin_password.py
index 51be09a..9d56368 100644
--- a/advlabdb/scripts/maintain/reset_admin_password.py
+++ b/advlabdb/scripts/maintain/reset_admin_password.py
@@ -2,7 +2,7 @@ from flask_security import admin_change_password
 from sqlalchemy import select
 from ... import app, db
-from ...advlabdb_independent_funs import randomPassword
+from ...model_independent_funs import randomPassword
 from ...models import Admin, User
 from ..terminal_utils import box, spaced_hl, validating_input
diff --git a/advlabdb/scripts/setup/init_database.py b/advlabdb/scripts/setup/init_database.py
index adbf1ed..4667c79 100644
--- a/advlabdb/scripts/setup/init_database.py
+++ b/advlabdb/scripts/setup/init_database.py
@@ -2,7 +2,7 @@ from email_validator import validate_email
 from flask_security import hash_password
 from ... import app, db, user_datastore
-from ...advlabdb_independent_funs import randomPassword
+from ...model_independent_funs import randomPassword
 from ...models import MAX_YEAR, MIN_YEAR, Admin, Semester
 from ..terminal_utils import box, confirm, validating_input
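Review bot: `randomPassword()` in `advlabdb/model_independent_funs.py` still draws its characters with `random.choice`, and the `random` module is not meant for generating secrets. The admin-reset and database-setup scripts in this patch import the function, so it produces real account passwords; changing the import to `from secrets import choice` leaves the body untouched and uses the OS CSPRNG. The generated length is exactly `SECURITY_PASSWORD_LENGTH_MIN`, which a one-line docstring such as `"""Return a random alphanumeric password of the configured minimum length."""` would make explicit. The hunk ends on the `def reportBadAttempt(message):` line, whose body lies outside it.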