From: Jeremy Kerr
Date: Thu, 11 Sep 2008 06:42:26 +0000 (+1000)
Subject: Don't just rely on random for UserPersonConfirmation keys
X-Git-Tag: v0.9.0~318
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a72679a9622db66e828e86377f29c9c0c6574d69;p=thirdparty%2Fpatchwork.git
Don't just rely on random for UserPersonConfirmation keys
It looks like we're getting identical keys generated for confirmation keys. Problem has been reported to django, but in the meantime, salt with the user and email details, then sha1 to give the final key. This requires an increase in the field size for key, migration script included.
Signed-off-by: Jeremy Kerr
---
diff --git a/apps/patchwork/models.py b/apps/patchwork/models.py
index 226a69c3..e516be29 100644
--- a/apps/patchwork/models.py
+++ b/apps/patchwork/models.py
@@ -129,35 +129,6 @@ class UserProfile(models.Model):
 def __str__(self):
 return self.name()
 
-def _confirm_key():
- allowedchars = string.ascii_lowercase + string.digits
- str = ''
- for i in range(1, 32):
- str += random.choice(allowedchars)
- return str;
-
-class UserPersonConfirmation(models.Model):
- user = models.ForeignKey(User)
- email = models.CharField(max_length = 200)
- key = models.CharField(max_length = 32, default = _confirm_key)
- date = models.DateTimeField(default=datetime.datetime.now)
- active = models.BooleanField(default = True)
-
- def confirm(self):
- if not self.active:
- return
- person = None
- try:
- person = Person.objects.get(email = self.email)
- except Exception:
- pass
- if not person:
- person = Person(email = self.email)
-
- person.link_to_user(self.user)
- person.save()
- self.active = False
-
 class State(models.Model):
 name = models.CharField(max_length = 100)
 ordering = models.IntegerField(unique = True)
@@ -316,3 +287,33 @@ class Bundle(models.Model):
 return '\n'.join([p.mbox().as_string(True) \
 for p in self.patches.all()])
 
+class UserPersonConfirmation(models.Model):
+ user = models.ForeignKey(User)
+ email = models.CharField(max_length = 200)
+ key = HashField()
+ date = models.DateTimeField(default=datetime.datetime.now)
+ active = models.BooleanField(default = True)
+
+ def confirm(self):
+ if not self.active:
+ return
+ person = None
+ try:
+ person = Person.objects.get(email = self.email)
+ except Exception:
+ pass
+ if not person:
+ person = Person(email = self.email)
+
+ person.link_to_user(self.user)
+ person.save()
+ self.active = False
+
+ def save(self):
+ max = 1 << 32
+ if self.key == '':
+ str = '%s%s%d' % (self.user, self.email, random.randint(0, max))
+ self.key = self._meta.get_field('key').construct(str).hexdigest()
+ super(UserPersonConfirmation, self).save()
+
+
diff --git a/lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql b/lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql
new file mode 100644
index 00000000..fa10fba0
--- /dev/null
+++ b/lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql
@@ -0,0 +1,4 @@
+BEGIN;
+ALTER TABLE patchwork_userpersonconfirmation
+ ALTER COLUMN key TYPE char(40);
+COMMIT;
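Review bot: In `UserPersonConfirmation.save()` (apps/patchwork/models.py) the only unpredictable input to the confirmation key is `random.randint(0, max)`, roughly 32 bits from the non-cryptographic `random` module. `self.user` and `self.email` are known to whoever requested the confirmation, and the SHA-1 step mentioned in the commit message adds no entropy. If the identical keys described there come from shared generator state (not visible here), the salted key would still be guessable for a given user and email. Drawing the value from the OS source keeps the format string and the module already in use: `str = '%s%s%d' % (self.user, self.email, random.SystemRandom().getrandbits(128))`.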
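Review bot: The migration in lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql widens `key` but leaves existing rows untouched, so confirmations that are still `active` keep keys from the old `_confirm_key()` generator, which the commit message says produced identical values. Consider retiring them in the same transaction, for example `UPDATE patchwork_userpersonconfirmation SET active = false WHERE active;`, so that affected users request a fresh confirmation; whether that is acceptable depends on how many are outstanding. Also, `char(40)` is fixed-width, so the existing shorter keys will be blank-padded; `varchar(40)` avoids that if the `HashField` column type (not visible here) allows it.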