Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def run(self, username, password=None):
with self.app_context():
if not password:
wordfile = xp.locate_wordfile()
mywords = xp.generate_wordlist(wordfile=wordfile, min_length=5, max_length=8)
password = xp.generate_xkcdpassword(mywords, acrostic="ambit")
print("generated password: '%s'" % password)
assert not User.query.filter_by(username=username).scalar(), "user already exists"
user = User(username=username)
user.password = self.app_bcrypt.generate_password_hash(password, 10)
if user.password is not str:
user.password = user.password.decode('utf-8')
user.active = True
db.session.add(user)
db.session.commit()
def create_user(app, username, password=None):
with app.app_context():
wordfile = xp.locate_wordfile()
mywords = xp.generate_wordlist(wordfile=wordfile, min_length=5, max_length=8)
if not password:
print("generated password: '%s'" % password)
password = xp.generate_xkcdpassword(mywords, acrostic="ambit")
assert not User.query.filter_by(username=username).scalar(), "user already exists"
user = User(username=username)
user.password = app_bcrypt.generate_password_hash(password, 10)
user.active = True
db.session.add(user)
db.session.commit()
print("created user '%s'" % user.username)
def random_capitalisation(s, chance):
new_str = []
for i, c in enumerate(s):
new_str.append(c.upper() if random.random() < chance else c)
return "".join(new_str)
def capitalize_first_letter(s):
new_str = []
s = s.split(" ")
for i, c in enumerate(s):
new_str.append(c.capitalize())
return "".join(new_str)
words = xp.locate_wordfile()
mywords = xp.generate_wordlist(wordfile=words, min_length=5, max_length=8)
raw_password = xp.generate_xkcdpassword(mywords)
for i in range(5):
print(random_capitalisation(raw_password, i/10.0))
print(capitalize_first_letter(raw_password))
security_key (str): The security key to validate.
Returns:
bool: Whether the security key is valid.
Example:
>>> mw.validate_security_key('epilogue-stilt-crux-task-corset-carton')
True
>>> mw.validate_security_key("not-A-valid-k3y")
False
'''
# check the format
if not re.match(r"\w*-\w*-\w*-\w*-\w*-\w*", security_key):
return False
wordfile = xp.locate_wordfile()
word_list = set(xp.generate_wordlist(wordfile=wordfile, min_length=0, max_length=10))
# check that the words in the security key are valid
for word in security_key.split("-"):
if word not in word_list:
return False
# check number of words
if len(security_key.split("-")) != 6:
return False
return True
def json_password_generator(request):
# Example Django view to generate passphrase suggestions via xkcd library
# Called with optional params e.g.
# /json_password_generator/?tc=true&separator=|&acrostic=face
if request.method == 'GET':
acrostic = request.GET.get("acrostic", None)
titlecase = request.GET.get("tc", None)
wordfile = xp.locate_wordfile()
words = xp.generate_wordlist(
wordfile=wordfile,
min_length=3,
max_length=8)
suggestion = xp.generate_xkcdpassword(words, acrostic=acrostic)
if titlecase:
# Convert "foo bar" to "Foo Bar"
suggestion = suggestion.title()
return JsonResponse({
'suggestion': suggestion}
)
import re
from datetime import date
from flask_login import UserMixin
from passlib.context import CryptContext
from xkcdpass import xkcd_password as xp
import uuid
from oclubs.utils.dates import int_to_dateobj, dateobj_to_int
from oclubs.access import database, email, redis
from oclubs.enums import UserType
from oclubs.exceptions import NoRow, PasswordTooShort
from oclubs.objs.base import BaseObject, Property, ListProperty, paged_db_read
_crypt = CryptContext(schemes=['bcrypt']) # , 'sha512_crypt', 'pbkdf2_sha512'
_words = xp.generate_wordlist(wordfile=xp.locate_wordfile())
def _encrypt(passwd):
if len(passwd) < 6:
raise PasswordTooShort
return _crypt.encrypt(passwd)
class User(BaseObject, UserMixin):
table = 'user'
identifier = 'user_id'
studentid = Property('user_login_name')
gnumber_id = Property('user_gnumber_id')
short_id = Property('user_short_id')
passportname = Property('user_passport_name')
password = Property('user_password', (NotImplemented, _encrypt))
def generate_security_key():
'''Generates a human-friendly cryptographically secure security keys.
Returns:
str: A security key consisting of six words delimited by dashes
Example:
>>> mw.generate_security_key()
'epilogue-stilt-crux-task-corset-carton'
'''
wordfile = xp.locate_wordfile()
word_list = xp.generate_wordlist(wordfile=wordfile, min_length=0, max_length=10)
while True:
key = xp.generate_xkcdpassword(word_list, delimiter="-")
if validate_security_key(key): # ensure key is valid
return key