From 6f3ead3c425ec0eb04992ac8b72d1d3d85439204 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Mon, 1 Mar 2021 18:40:07 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E7=B3=BB=E7=BB=9F?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E7=94=9F=E6=88=90=E5=AF=86=E7=A0=81=E7=9A=84?= =?UTF-8?q?=E5=A4=8D=E6=9D=82=E5=BA=A6=20(#5648)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* perf: 优化系统用户生成密码的复杂度
* perf: 修改 common.random_string
Co-authored-by: ibuler
Co-authored-by: Bai
---
 apps/assets/models/base.py | 6 +++---
 apps/common/utils/__init__.py | 1 +
 apps/common/utils/common.py | 10 ++--------
 apps/common/utils/random.py | 30 +++++++++++++++++++++++++++++-
 apps/users/models/user.py | 4 ++--
 5 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/apps/assets/models/base.py b/apps/assets/models/base.py
index 094f029bc..9fd4836f7 100644
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -11,7 +11,7 @@ from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings
-from common.utils.common import timeit
+from common.utils import random_string
 from common.utils import (
 ssh_key_string_to_obj, ssh_key_gen, get_logger, lazyproperty
 )
@@ -205,8 +205,8 @@ class AuthMixin:
 self.save()
 @staticmethod
- def gen_password():
- return str(uuid.uuid4())
+ def gen_password(length=36):
+ return random_string(length, special_char=True)
 @staticmethod
 def gen_key(username):
diff --git a/apps/common/utils/__init__.py b/apps/common/utils/__init__.py
index 01850f0cf..8b4576221 100644
--- a/apps/common/utils/__init__.py
+++ b/apps/common/utils/__init__.py
@@ -7,3 +7,4 @@ from .encode import *
 from .http import *
 from .ipip import *
 from .crypto import *
+from .random import *
diff --git a/apps/common/utils/common.py b/apps/common/utils/common.py
index f9c488e18..d1ecf8579 100644
--- a/apps/common/utils/common.py
+++ b/apps/common/utils/common.py
@@ -7,6 +7,8 @@ import logging
 import datetime
 import uuid
 from functools import wraps
+import string
+import random
 import time
 import ipaddress
 import psutil
@@ -191,14 +193,6 @@ def with_cache(func):
 return wrapper
-def random_string(length):
- import string
- import random
- charset = string.ascii_letters + string.digits
- s = [random.choice(charset) for i in range(length)]
- return ''.join(s)
-
-
 logger = get_logger(__name__)
diff --git a/apps/common/utils/random.py b/apps/common/utils/random.py
index f32147b6d..055966947 100644
--- a/apps/common/utils/random.py
+++ b/apps/common/utils/random.py
@@ -1,8 +1,13 @@
 # -*- coding: utf-8 -*-
 #
-import socket
 import struct
 import random
+import socket
+import string
+import secrets
+
+
+string_punctuation = '!#$%&()*+,-.:;<=>?@[]^_{}~'
 def random_datetime(date_start, date_end):
@@ -14,6 +19,29 @@ def random_ip():
 return socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff)))
+def random_string(length, lower=True, upper=True, digit=True, special_char=False):
+ chars = string.ascii_letters
+ if digit:
+ chars += string.digits
+
+ while True:
+ password = list(random.choice(chars) for i in range(length))
+ if upper and not any(c.upper() for c in password):
+ continue
+ if lower and not any(c.lower() for c in password):
+ continue
+ if digit and not any(c.isdigit() for c in password):
+ continue
+ break
+
+ if special_char:
+ spc = random.choice(string_punctuation)
+ i = random.choice(range(len(password)))
+ password[i] = spc
+
+ password = ''.join(password)
+ return password
+
 # def strTimeProp(start, end, prop, fmt):
 # time_start = time.mktime(time.strptime(start, fmt))
diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index b3b4e9d1c..50099253d 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
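Review bot: The `import string` and `import random` lines added at the top of apps/common/utils/common.py (hunk `@@ -7,6 +7,8 @@`) look unused, because their only visible user, the old `random_string`, is deleted by the next hunk of the same file and had imported both modules locally. The rest of common.py is outside the diff, so confirm nothing else there needs them and otherwise drop both lines.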
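Review bot: `string_punctuation` in apps/common/utils/random.py (hunk `@@ -1,8 +1,13 @@`) has no comment explaining why it is a subset of `string.punctuation`; it leaves out the two quote characters, slash, backslash, pipe and backtick, presumably so generated passwords stay safe to quote, but nothing visible says so. A one-line comment such as `# string.punctuation without quotes, slash, backslash, pipe and backtick` would keep a later edit from widening the set without checking where the passwords are consumed.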
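Review bot: `random_string` in apps/common/utils/random.py (hunk `@@ -14,6 +19,29 @@`) draws every character with `random.choice`, a generator not meant for secrets, although this commit routes asset passwords (`gen_password` in apps/assets/models/base.py) and the user token in apps/users/models/user.py through it, replacing `uuid.uuid4()` values that came from the OS random source; `secrets` is imported in the hunk above but never used. The class checks also test nothing: `c.upper()` and `c.lower()` return non-empty strings, so `any(...)` is true for every non-empty password, where `c.isupper()` and `c.islower()` were presumably intended. The special character is written after those checks and can replace the only digit or capital, and a `length` of 0 makes the `while True` loop spin forever because `any()` over an empty list is false. The sketch below keeps the signature, switches to `secrets`, places the special character before the checks and rejects a `length` shorter than the number of requested classes.

```python
def random_string(length, lower=True, upper=True, digit=True, special_char=False):
    required = sum(bool(flag) for flag in (lower, upper, digit, special_char))
    if length < required:
        raise ValueError('length is too short for the requested character classes')
    # … unchanged: chars built from ascii_letters and, optionally, digits …

    while True:
        # secrets draws from the OS CSPRNG; callers use the result as passwords and tokens
        password = [secrets.choice(chars) for _ in range(length)]
        if special_char:
            # placed before the class checks so it cannot replace the only digit or capital
            password[secrets.randbelow(length)] = secrets.choice(string_punctuation)
        if upper and not any(c.isupper() for c in password):
            continue
        if lower and not any(c.islower() for c in password):
            continue
        # … unchanged: digit check and break …

    return ''.join(password)
```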
@@ -18,7 +18,7 @@ from django.shortcuts import reverse
 from orgs.utils import current_org
 from orgs.models import OrganizationMember, Organization
-from common.utils import date_expired_default, get_logger, lazyproperty
+from common.utils import date_expired_default, get_logger, lazyproperty, random_string
 from common import fields
 from common.const import choices
 from common.db.models import ChoiceSet
@@ -387,7 +387,7 @@ class TokenMixin:
 cache_key = '%s_%s' % (self.id, remote_addr)
 token = cache.get(cache_key)
 if not token:
- token = uuid.uuid4().hex
+ token = random_string(36)
 cache.set(token, self.id, expiration)
 cache.set('%s_%s' % (self.id, remote_addr), token, expiration)
 date_expired = timezone.now() + timezone.timedelta(seconds=expiration)