Commit

Use base64 instead of hex for passwords because security
Also fix a brakeman failure by quoting the password for SQL when
creating the awx role.
carbonin committed Jan 25, 2017
1 parent 7e97c7e commit d277d40
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions lib/embedded_ansible.rb
Expand Up @@ -93,19 +93,20 @@ def self.configure_secret_key
private_class_method :configure_secret_key

def self.generate_admin_password
miq_database.ansible_admin_password = SecureRandom.hex
miq_database.ansible_admin_password = generate_password
end
private_class_method :generate_admin_password

def self.generate_rabbitmq_password
miq_database.ansible_rabbitmq_password = SecureRandom.hex
miq_database.ansible_rabbitmq_password = generate_password
end
private_class_method :generate_rabbitmq_password

def self.generate_database_password
password = SecureRandom.hex
ApplicationRecord.connection.select_value("CREATE ROLE awx WITH LOGIN PASSWORD '#{password}'")
ApplicationRecord.connection.select_value("CREATE DATABASE awx OWNER awx ENCODING 'utf8'")
conn = ActiveRecord::Base.connection
password = generate_password
conn.select_value("CREATE ROLE awx WITH LOGIN PASSWORD #{conn.quote(password)}")
conn.select_value("CREATE DATABASE awx OWNER awx ENCODING 'utf8'")
miq_database.ansible_database_password = password
end
private_class_method :generate_database_password
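Review bot: in generate_database_password, conn.quote(password) fixes the interpolation warning, but the password is still sent as a literal inside the CREATE ROLE statement text, so it will be recorded in clear text wherever PostgreSQL statement logging covers DDL. Worth noting that in a comment, or checking the logging configuration of the database this runs against. Two smaller points in the same method: select_value is being used for DDL that returns nothing, where conn.execute would state the intent better, and miq_database.ansible_database_password is only assigned after both statements succeed, so a failure in CREATE DATABASE leaves an awx role whose password was never stored and a retry will fail on CREATE ROLE.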
Expand Down Expand Up @@ -147,4 +148,9 @@ def self.miq_database
MiqDatabase.first
end
private_class_method :miq_database

def self.generate_password
SecureRandom.base64(18).tr("+/", "-_")
end
private_class_method :generate_password
end
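Review bot: generate_password has no comment saying why 18 bytes and why the "+/" to "-_" translation, and the commit message only says "because security". Please document it: 18 random bytes is 144 bits against the 128 bits of the default SecureRandom.hex, and 18 is a multiple of 3 so the base64 output is 24 characters with no "=" padding. The expression SecureRandom.base64(18).tr("+/", "-_") is also what SecureRandom.urlsafe_base64(18) already returns, which would make the intent (no "+" or "/" in the password) explicit without the manual tr.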