diff --git a/kallithea/controllers/admin/my_account.py b/kallithea/controllers/admin/my_account.py --- a/kallithea/controllers/admin/my_account.py +++ b/kallithea/controllers/admin/my_account.py @@ -260,7 +260,7 @@ class MyAccountController(BaseController if request.POST.get('del_api_key_builtin'): user = User.get(user_id) if user: - user.api_key = generate_api_key(user.username) + user.api_key = generate_api_key() Session().add(user) Session().commit() h.flash(_("Api key successfully reset"), category='success') diff --git a/kallithea/controllers/admin/users.py b/kallithea/controllers/admin/users.py --- a/kallithea/controllers/admin/users.py +++ b/kallithea/controllers/admin/users.py @@ -324,7 +324,7 @@ class UsersController(BaseController): if request.POST.get('del_api_key_builtin'): user = User.get(c.user.user_id) if user: - user.api_key = generate_api_key(user.username) + user.api_key = generate_api_key() Session().add(user) Session().commit() h.flash(_("Api key successfully reset"), category='success') diff --git a/kallithea/lib/dbmigrate/schema/db_1_2_0.py b/kallithea/lib/dbmigrate/schema/db_1_2_0.py --- a/kallithea/lib/dbmigrate/schema/db_1_2_0.py +++ b/kallithea/lib/dbmigrate/schema/db_1_2_0.py @@ -336,7 +336,7 @@ class User(Base, BaseModel): v = get_crypt_password(v) setattr(new_user, k, v) - new_user.api_key = generate_api_key(form_data['username']) + new_user.api_key = generate_api_key() Session.add(new_user) Session.commit() return new_user diff --git a/kallithea/lib/utils2.py b/kallithea/lib/utils2.py --- a/kallithea/lib/utils2.py +++ b/kallithea/lib/utils2.py @@ -32,8 +32,10 @@ import sys import time import uuid import datetime +import urllib +import binascii + import webob -import urllib import urlobject from pylons.i18n.translation import _, ungettext @@ -161,23 +163,11 @@ def detect_mode(line, default): return default -def generate_api_key(username, salt=None): +def generate_api_key(): """ - Generates unique API key for given username, if salt is not given - it'll be generated from some random string - - :param username: username as string - :param salt: salt to hash generate KEY - :rtype: str - :returns: sha1 hash from username+salt + Generates a random (presumably unique) API key. """ - from tempfile import _RandomNameSequence - import hashlib - - if salt is None: - salt = _RandomNameSequence().next() - - return hashlib.sha1(username + salt).hexdigest() + return binascii.hexlify(os.urandom(20)) def safe_int(val, default=None): diff --git a/kallithea/model/api_key.py b/kallithea/model/api_key.py --- a/kallithea/model/api_key.py +++ b/kallithea/model/api_key.py @@ -50,7 +50,7 @@ class ApiKeyModel(BaseModel): user = self._get_user(user) new_api_key = UserApiKeys() - new_api_key.api_key = generate_api_key(user.username) + new_api_key.api_key = generate_api_key() new_api_key.user_id = user.user_id new_api_key.description = description new_api_key.expires = time.time() + (lifetime * 60) if lifetime != -1 else -1 diff --git a/kallithea/model/user.py b/kallithea/model/user.py --- a/kallithea/model/user.py +++ b/kallithea/model/user.py @@ -100,7 +100,7 @@ class UserModel(BaseModel): k = 'name' setattr(new_user, k, v) - new_user.api_key = generate_api_key(form_data['username']) + new_user.api_key = generate_api_key() self.sa.add(new_user) log_create_user(new_user.get_dict(), cur_user) @@ -159,7 +159,7 @@ class UserModel(BaseModel): new_user.lastname = lastname if not edit: - new_user.api_key = generate_api_key(username) + new_user.api_key = generate_api_key() # set password only if creating an user or password is changed password_change = new_user.password and not check_password(password, diff --git a/kallithea/tests/functional/test_login.py b/kallithea/tests/functional/test_login.py --- a/kallithea/tests/functional/test_login.py +++ b/kallithea/tests/functional/test_login.py @@ -260,7 +260,7 @@ class TestLoginController(TestController new.email = email new.name = name new.lastname = lastname - new.api_key = generate_api_key(username) + new.api_key = generate_api_key() Session().add(new) Session().commit()