mirror of
				https://github.com/zulip/zulip.git
				synced 2025-11-04 05:53:43 +00:00 
			
		
		
		
	The construction of INITIAL_PASSWORD_SALT is such that it should only be set in development environments, but we should enforce this rule.
		
			
				
	
	
		
import base64
import hashlib
from typing import Optional
from django.conf import settings
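def initial_password(email: str) -> Optional[str]:
    """Return the initial password that populate_db assigns to *email*'s account.

    The value is derived deterministically: SHA-256 over
    settings.INITIAL_PASSWORD_SALT concatenated with the email address,
    base64-encoded and truncated to 16 characters.  Anyone who knows the salt
    can therefore recompute the initial password of any account, so the salt
    must only be configured in development environments; this function
    enforces that.

    Returns:
        The derived password, or None when no salt is configured.  A None
        password tells Django to set an unusable password.

    Raises:
        AssertionError: if INITIAL_PASSWORD_SALT is set while
            settings.DEVELOPMENT is false.
    """
    salt = settings.INITIAL_PASSWORD_SALT
    if salt is None:
        # None as a password for a user tells Django to set an unusable password
        return None

    # We check settings.DEVELOPMENT, not settings.PRODUCTION,
    # because some tests mock settings.PRODUCTION and then use
    # self.login, which will call this function.
    #
    # Raise explicitly rather than via an `assert` statement: asserts are
    # stripped when Python runs with -O, which would silently drop this guard
    # and allow predictable passwords outside development.  The exception
    # type and message are the same as the assert would have produced.
    if not settings.DEVELOPMENT:
        raise AssertionError("initial_password_salt should not be set in production.")

    encoded_key = (salt + email).encode()
    digest = hashlib.sha256(encoded_key).digest()
    # 16 base64 characters carry 96 bits of the digest.
    return base64.b64encode(digest)[:16].decode()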