diff --git a/zerver/lib/create_user.py b/zerver/lib/create_user.py index 057bb6590e..65acb905f0 100644 --- a/zerver/lib/create_user.py +++ b/zerver/lib/create_user.py @@ -30,9 +30,9 @@ def create_user_profile(realm, email, password, active, bot, full_name, short_na onboarding_steps=ujson.dumps([])) if bot or not active: - user_profile.set_unusable_password() - else: - user_profile.set_password(password) + password = None + + user_profile.set_password(password) user_profile.api_key = random_api_key() return user_profile diff --git a/zerver/lib/initial_password.py b/zerver/lib/initial_password.py index 56c8091167..40e3d8d083 100644 --- a/zerver/lib/initial_password.py +++ b/zerver/lib/initial_password.py @@ -9,5 +9,9 @@ def initial_password(email): """Given an email address, returns the initial password for that account, as created by populate_db.""" - digest = hashlib.sha256(settings.INITIAL_PASSWORD_SALT + email).digest() - return base64.b64encode(digest)[:16] + if settings.INITIAL_PASSWORD_SALT is not None: + digest = hashlib.sha256(settings.INITIAL_PASSWORD_SALT + email).digest() + return base64.b64encode(digest)[:16] + else: + # None as a password for a user tells Django to set an unusable password + return None \ No newline at end of file diff --git a/zproject/local_settings.py b/zproject/local_settings.py index 4efa612148..3c554c938e 100644 --- a/zproject/local_settings.py +++ b/zproject/local_settings.py 
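Review bot: In `create_user_profile` the unusable-password case now depends on `set_password(None)` instead of the explicit `set_unusable_password()` call, and nothing at this call site says so. A comment above the call would keep the intent visible, e.g. `# password is None for bots, inactive users, or when no initial password is configured; set_password(None) stores an unusable password`. Only `None` is mapped to "unusable" here, so an empty-string password would presumably still be hashed as a usable credential. If a caller can pass one, `if bot or not active or not password:` would normalise it. The function's signature and the start of its body lie outside the hunk.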
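Review bot: The new guard in `initial_password` tests `settings.INITIAL_PASSWORD_SALT is not None`, so an empty-string salt still yields a password. That password is just a truncated SHA-256 of the email address, which anyone who knows the address can recompute. Treating any falsy salt as unset avoids this: put `if not settings.INITIAL_PASSWORD_SALT: return None` ahead of the digest lines. The docstring should also mention the `None` return, because callers that format or compare the result as a string must now handle it; whether any do is not visible in this hunk. The file also still ends without a trailing newline.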
@@ -1,8 +1,19 @@ # Secret Django settings for the Zulip project -import os import platform import ConfigParser +config_file = ConfigParser.RawConfigParser() +config_file.read("/etc/zulip/zulip.conf") + +# Whether we're running in a production environment. Note that DEPLOYED does +# **not** mean hosted by us; customer sites are DEPLOYED and ENTERPRISE +# and as such should not for example assume they are the main Zulip site. +DEPLOYED = config_file.has_option('machine', 'deploy_type') +STAGING_DEPLOYED = DEPLOYED and config_file.get('machine', 'deploy_type') == 'staging' +TESTING_DEPLOYED = DEPLOYED and config_file.get('machine', 'deploy_type') == 'test' + +ENTERPRISE = DEPLOYED and config_file.get('machine', 'deploy_type') == 'enterprise' + # Make this unique, and don't share it with anybody. SECRET_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' @@ -17,7 +28,8 @@ HASH_SALT = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' AVATAR_SALT = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' # Used just for generating initial passwords (only used in testing environments). -INITIAL_PASSWORD_SALT = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' +if not DEPLOYED: + INITIAL_PASSWORD_SALT = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' # A shared secret, used to authenticate different parts of the app to each other. # FIXME: store this password more securely 
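Review bot: The `if not DEPLOYED:` guard around `INITIAL_PASSWORD_SALT` fails open when `/etc/zulip/zulip.conf` is missing or unreadable. `DEPLOYED` comes from `config_file.has_option('machine', 'deploy_type')`, and `RawConfigParser.read()` silently skips a file it cannot open. Such a production host is therefore treated as a development machine and gets the salt, making initial passwords predictable to anyone who knows it. Consider keeping the list returned by `read()` and defining the salt only when the development case is positively identified, or at least add `# NOTE: an unreadable zulip.conf leaves DEPLOYED False, which enables predictable initial passwords`. The existing comment says "only used in testing environments" while the condition is "not deployed", so a `deploy_type = test` host (`TESTING_DEPLOYED`) no longer gets a salt; the comment should say so if that is intended.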
@@ -45,18 +57,6 @@ EMAIL_HOST_PASSWORD = 'xxxxxxxxxxxxxxxx' EMAIL_PORT = 587 EMAIL_USE_TLS = True -config_file = ConfigParser.RawConfigParser() -config_file.read("/etc/zulip/zulip.conf") - -# Whether we're running in a production environment. Note that DEPLOYED does -# **not** mean hosted by us; customer sites are DEPLOYED and ENTERPRISE -# and as such should not for example assume they are the main Zulip site. -DEPLOYED = config_file.has_option('machine', 'deploy_type') -STAGING_DEPLOYED = DEPLOYED and config_file.get('machine', 'deploy_type') == 'staging' -TESTING_DEPLOYED = DEPLOYED and config_file.get('machine', 'deploy_type') == 'test' - -ENTERPRISE = DEPLOYED and config_file.get('machine', 'deploy_type') == 'enterprise' - SESSION_SERIALIZER = "django.contrib.sessions.serializers.PickleSerializer" if TESTING_DEPLOYED: diff --git a/zproject/settings.py b/zproject/settings.py index 11062f910e..52856f09f0 100644 --- a/zproject/settings.py +++ b/zproject/settings.py @@ -257,7 +257,8 @@ DEFAULT_SETTINGS = {'TWITTER_CONSUMER_KEY': '', 'NAGIOS_STAGING_SEND_BOT': None, 'NAGIOS_STAGING_RECEIVE_BOT': None, 'APNS_CERT_FILE': None, - 'ZULIP_ADMINISTRATOR': '' + 'ZULIP_ADMINISTRATOR': '', + 'INITIAL_PASSWORD_SALT': None } for setting_name, setting_val in DEFAULT_SETTINGS.iteritems():
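Review bot: The new `'INITIAL_PASSWORD_SALT': None` entry is the last item of `DEFAULT_SETTINGS` and has no trailing comma, which is why this change also had to touch the `'ZULIP_ADMINISTRATOR'` line. Writing `'INITIAL_PASSWORD_SALT': None,` keeps the next addition to a one-line diff. A short comment on the entry, e.g. `# None means no deterministic initial passwords; set a salt only in development`, would explain why this default is `None` while neighbouring string settings default to `''`. The dict begins before the hunk.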