perf: 优化系统用户生成密码的复杂度 (#5648)

* perf: 优化系统用户生成密码的复杂度 * perf: 修改 common.random_string Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: Bai <bugatti_it@163.com>
2021-03-01 18:40:07 +08:00 · 2021-03-01 18:40:07 +08:00 · 6f3ead3c42
parent 1036d1c132
commit 6f3ead3c42
5 changed files with 37 additions and 14 deletions
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@ -11,7 +11,7 @@ from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings

-from common.utils.common import timeit
+from common.utils import random_string
 from common.utils import (
    ssh_key_string_to_obj, ssh_key_gen, get_logger, lazyproperty
 )
@ -205,8 +205,8 @@ class AuthMixin:
        self.save()

    @staticmethod
-    def gen_password():
-        return str(uuid.uuid4())
+    def gen_password(length=36):
+        return random_string(length, special_char=True)

    @staticmethod
    def gen_key(username):
--- a/apps/common/utils/init.py
+++ b/apps/common/utils/init.py
@ -7,3 +7,4 @@ from .encode import *
 from .http import *
 from .ipip import *
 from .crypto import *
+from .random import *
--- a/apps/common/utils/common.py
+++ b/apps/common/utils/common.py
@ -7,6 +7,8 @@ import logging
 import datetime
 import uuid
 from functools import wraps
+import string
+import random
 import time
 import ipaddress
 import psutil
@ -191,14 +193,6 @@ def with_cache(func):
    return wrapper


-def random_string(length):
-    import string
-    import random
-    charset = string.ascii_letters + string.digits
-    s = [random.choice(charset) for i in range(length)]
-    return ''.join(s)
-
-
 logger = get_logger(__name__)


--- a/apps/common/utils/random.py
+++ b/apps/common/utils/random.py
@ -1,8 +1,13 @@
 # -*- coding: utf-8 -*-
 #
-import socket
 import struct
 import random
+import socket
+import string
+import secrets
+
+
+string_punctuation = '!#$%&()*+,-.:;<=>?@[]^_{}~'


 def random_datetime(date_start, date_end):
@ -14,6 +19,29 @@ def random_ip():
    return socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff)))


+def random_string(length, lower=True, upper=True, digit=True, special_char=False):
+    chars = string.ascii_letters
+    if digit:
+        chars += string.digits
+
+    while True:
+        password = list(random.choice(chars) for i in range(length))
+        if upper and not any(c.upper() for c in password):
+            continue
+        if lower and not any(c.lower() for c in password):
+            continue
+        if digit and not any(c.isdigit() for c in password):
+            continue
+        break
+
+    if special_char:
+        spc = random.choice(string_punctuation)
+        i = random.choice(range(len(password)))
+        password[i] = spc
+
+    password = ''.join(password)
+    return password
+

 # def strTimeProp(start, end, prop, fmt):
 #     time_start = time.mktime(time.strptime(start, fmt))
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@ -18,7 +18,7 @@ from django.shortcuts import reverse

 from orgs.utils import current_org
 from orgs.models import OrganizationMember, Organization
-from common.utils import date_expired_default, get_logger, lazyproperty
+from common.utils import date_expired_default, get_logger, lazyproperty, random_string
 from common import fields
 from common.const import choices
 from common.db.models import ChoiceSet
@ -387,7 +387,7 @@ class TokenMixin:
        cache_key = '%s_%s' % (self.id, remote_addr)
        token = cache.get(cache_key)
        if not token:
-            token = uuid.uuid4().hex
+            token = random_string(36)
        cache.set(token, self.id, expiration)
        cache.set('%s_%s' % (self.id, remote_addr), token, expiration)
        date_expired = timezone.now() + timezone.timedelta(seconds=expiration)