paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-15 19:31:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

initial_password: Add explicit development environment assertion.

Browse Source 
The construction of INITIAL_PASSWORD_SALT is such that it should only
be set in development environments, but we should enforce this rule.
This commit is contained in:
Tim Abbott
2022-03-21 10:28:18 -07:00
committed by Tim Abbott
parent 5393ce11c7
commit 57fa62ae4b
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
zerver/lib/initial_password.py
View File

@@ -10,6 +10,10 @@ def initial_password(email: str) -> Optional[str]:
created by populate_db.""" created by populate_db."""
if settings.INITIAL_PASSWORD_SALT is not None: if settings.INITIAL_PASSWORD_SALT is not None:
# We check settings.DEVELOPMENT, not settings.PRODUCTION,
# because some tests mock settings.PRODUCTION and then use
# self.login, which will call this function.
assert settings.DEVELOPMENT, "initial_password_salt should not be set in production."
encoded_key = (settings.INITIAL_PASSWORD_SALT + email).encode() encoded_key = (settings.INITIAL_PASSWORD_SALT + email).encode()
digest = hashlib.sha256(encoded_key).digest() digest = hashlib.sha256(encoded_key).digest()
return base64.b64encode(digest)[:16].decode() return base64.b64encode(digest)[:16].decode()