"Fossies" - the Fresh Open Source Software Archive

Member "horizon-14.0.4/horizon/utils/secret_key.py" (22 Oct 2019, 3043 Bytes) of package /linux/misc/openstack/horizon-14.0.4.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "secret_key.py" see the Fossies "Dox" file reference documentation.

    1 # Copyright 2012 Nebula, Inc.
    2 #
    3 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
    4 #    not use this file except in compliance with the License. You may obtain
    5 #    a copy of the License at
    6 #
    7 #         http://www.apache.org/licenses/LICENSE-2.0
    8 #
    9 #    Unless required by applicable law or agreed to in writing, software
   10 #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   11 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   12 #    License for the specific language governing permissions and limitations
   13 #    under the License.
   14 
   15 
   16 import logging
   17 import os
   18 import random
   19 import string
   20 
   21 from oslo_concurrency import lockutils
   22 
   23 
   24 class FilePermissionError(Exception):
   25     """The key file permissions are insecure."""
   26     pass
   27 
   28 
   29 def generate_key(key_length=64):
   30     """Secret key generator.
   31 
   32     The quality of randomness depends on operating system support,
   33     see http://docs.python.org/library/random.html#random.SystemRandom.
   34     """
   35     if hasattr(random, 'SystemRandom'):
   36         logging.info('Generating a secure random key using SystemRandom.')
   37         choice = random.SystemRandom().choice
   38     else:
   39         msg = "WARNING: SystemRandom not present. Generating a random "\
   40               "key using random.choice (NOT CRYPTOGRAPHICALLY SECURE)."
   41         logging.warning(msg)
   42         choice = random.choice
   43     return ''.join(map(lambda x: choice(string.digits + string.ascii_letters),
   44                    range(key_length)))
   45 
   46 
   47 def read_from_file(key_file='.secret_key'):
   48     if (os.stat(key_file).st_mode & 0o777) != 0o600:
   49         raise FilePermissionError(
   50             "Insecure permissions on key file %s, should be 0600." %
   51             os.path.abspath(key_file))
   52     with open(key_file, 'r') as f:
   53         key = f.readline()
   54         return key
   55 
   56 
   57 def generate_or_read_from_file(key_file='.secret_key', key_length=64):
   58     """Multiprocess-safe secret key file generator.
   59 
   60     Useful to replace the default (and thus unsafe) SECRET_KEY in settings.py
   61     upon first start. Save to use, i.e. when multiple Python interpreters
   62     serve the dashboard Django application (e.g. in a mod_wsgi + daemonized
   63     environment).  Also checks if file permissions are set correctly and
   64     throws an exception if not.
   65     """
   66     abspath = os.path.abspath(key_file)
   67     # check, if key_file already exists
   68     # if yes, then just read and return key
   69     if os.path.exists(key_file):
   70         key = read_from_file(key_file)
   71         return key
   72 
   73     # otherwise, first lock to make sure only one process
   74     lock = lockutils.external_lock(key_file + ".lock",
   75                                    lock_path=os.path.dirname(abspath))
   76     with lock:
   77         if not os.path.exists(key_file):
   78             key = generate_key(key_length)
   79             old_umask = os.umask(0o177)  # Use '0600' file permissions
   80             with open(key_file, 'w') as f:
   81                 f.write(key)
   82             os.umask(old_umask)
   83         else:
   84             key = read_from_file(key_file)
   85         return key