Only use numbers and letters in our API keys.

(imported from commit f845fd092695286b83a2e4c9a5708df778c5b770)
2025-11-15 11:22:04 +00:00 · 2013-05-30 14:21:26 -04:00
parent 05f943395b
commit 47b4283c4b
1 changed files with 6 additions and 1 deletions
--- a/zephyr/lib/create_user.py
+++ b/zephyr/lib/create_user.py
@@ -8,6 +8,7 @@ import base64
 import hashlib
 import simplejson
 import random
+import string

 # The ordered list of onboarding steps we want new users to complete. If the
 # steps are changed here, they must also be changed in onboarding.js.
@@ -37,8 +38,12 @@ def create_user_profile(realm, email, password, active, bot, full_name, short_na
    else:
        user_profile.set_password(password)

+    # select 2 random ascii letters or numbers to fill out our base 64 "encoding"
+    randchars = random.choice(string.ascii_letters + string.digits) + \
+        random.choice(string.ascii_letters + string.digits)
    # Generate a new, random API key
-    user_profile.api_key = base64.b64encode(hashlib.sha256( str(random.getrandbits(256))).digest())[0:32]
+    user_profile.api_key = base64.b64encode(hashlib.sha256(str(random.getrandbits(256))).digest(),
+                                   randchars)[0:32]
    return user_profile

 def create_user(email, password, realm, full_name, short_name,