Location: kallithea/docs/api/models.rst - annotation
9a02f9ef28d7
632 B
text/prs.fallenstein.rst
utils: make API key generator more random
The API key generator abused temporary filenames in what seems to be an attempt
at creating keys that unambiguously specified the user and thus were unique
across users. A final hashing did, however, remove that property.
More importantly, tempfile is not documented to use secure random numbers ...
and it only uses 6 characters, giving approximately 36 bits of entropy.
Instead, use the cryptographically secure os.urandom directly to generate keys
with the same length but with the full 160 bits of entropy.
Reported and fixed by Andrew Bartlett.
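
The entropy argument in the commit message above, as an added Python illustration that is not Kallithea's code. The 63-symbol alphabet, the ``alice`` user name and the helper names are assumptions made for the example; the old generator itself is not shown on this page.

```python
import hashlib
import math
import os
import string

# Assumption: a 63-symbol alphabet and a 6-character random part model the
# tempfile-style component the commit message describes.
WEAK_ALPHABET = string.ascii_letters + string.digits + "_"
WEAK_LENGTH = 6


def entropy_bits(alphabet_size, length):
    """Upper bound, in bits, on the entropy of `length` uniform symbols."""
    return length * math.log2(alphabet_size)


def hashed_key(random_part, username="alice"):
    """Hypothetical old-style key: SHA-1 over a user name plus a short random part."""
    return hashlib.sha1((username + random_part).encode()).hexdigest()


def distinct_hashed_keys(alphabet, length):
    """Count distinct keys when every possible random part is hashed.

    SHA-1 spreads the result over 160 bits, but it cannot produce more
    keys than there are inputs, so the key space stays alphabet**length.
    """
    parts = [""]
    for _ in range(length):
        parts = [p + c for p in parts for c in alphabet]
    return len({hashed_key(p) for p in parts})


def new_api_key():
    """40 hex characters carrying 160 bits from the operating system CSPRNG."""
    return os.urandom(20).hex()


if __name__ == "__main__":
    print("weak random part: %.1f bits" % entropy_bits(len(WEAK_ALPHABET), WEAK_LENGTH))
    # A 2-symbol part keeps the enumeration small; the bound scales the same way.
    print("distinct keys for a 2-symbol part:", distinct_hashed_keys(WEAK_ALPHABET, 2))
    print("new key:", new_api_key())
```

Both key styles are 40 hex characters long, so length alone says nothing about how hard a key is to guess.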
.. _models:

========================
The :mod:`models` Module
========================

.. automodule:: kallithea.model
   :members:

.. automodule:: kallithea.model.comment
   :members:

.. automodule:: kallithea.model.notification
   :members:

.. automodule:: kallithea.model.permission
   :members:

.. automodule:: kallithea.model.repo_permission
   :members:

.. automodule:: kallithea.model.repo
   :members:

.. automodule:: kallithea.model.repo_group
   :members:

.. automodule:: kallithea.model.scm
   :members:

.. automodule:: kallithea.model.user
   :members:

.. automodule:: kallithea.model.user_group
   :members: