Merge "using standard library secrets function token_bytes to replace os.urandom"
This commit is contained in:
commit
2c10eff409
|
@ -13,7 +13,7 @@
|
|||
# This file handles all flask-restful resources for /v3/users
|
||||
|
||||
import base64
|
||||
import os
|
||||
import secrets
|
||||
import uuid
|
||||
|
||||
import flask
|
||||
|
@ -577,7 +577,7 @@ class UserAppCredListCreateResource(ks_flask.ResourceBase):
|
|||
@staticmethod
|
||||
def _generate_secret():
|
||||
length = 64
|
||||
secret = os.urandom(length)
|
||||
secret = secrets.token_bytes(length)
|
||||
secret = base64.urlsafe_b64encode(secret)
|
||||
secret = secret.rstrip(b'=')
|
||||
secret = secret.decode('utf-8')
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
"""Keystone Caching Layer Implementation."""
|
||||
|
||||
import os
|
||||
import secrets
|
||||
|
||||
from dogpile.cache import region
|
||||
from dogpile.cache import util
|
||||
|
@ -36,7 +36,7 @@ class RegionInvalidationManager(object):
|
|||
self._region_key = self.REGION_KEY_PREFIX + region_name
|
||||
|
||||
def _generate_new_id(self):
|
||||
return os.urandom(10)
|
||||
return secrets.token_bytes(10)
|
||||
|
||||
@property
|
||||
def region_id(self):
|
||||
|
|
|
@ -19,6 +19,8 @@ import datetime
|
|||
import functools
|
||||
import hashlib
|
||||
import json
|
||||
import secrets
|
||||
|
||||
import ldap
|
||||
import os
|
||||
import shutil
|
||||
|
@ -421,9 +423,9 @@ def new_ec2_credential(user_id, project_id=None, blob=None, **kwargs):
|
|||
|
||||
def new_totp_credential(user_id, project_id=None, blob=None):
|
||||
if not blob:
|
||||
# NOTE(notmorgan): 20 bytes of data from os.urandom for
|
||||
# NOTE(notmorgan): 20 bytes of data from secrets.token_bytes for
|
||||
# a totp secret.
|
||||
blob = base64.b32encode(os.urandom(20)).decode('utf-8')
|
||||
blob = base64.b32encode(secrets.token_bytes(20)).decode('utf-8')
|
||||
credential = new_credential_ref(user_id=user_id,
|
||||
project_id=project_id,
|
||||
blob=blob,
|
||||
|
|
Loading…
Reference in New Issue