This repository has been archived by the owner on May 5, 2020. It is now read-only.

fix: Increase default length of login codes
relekang committed Apr 2, 2019
1 parent 8e8cfc7 commit d02a40e
Showing 5 changed files with 12 additions and 6 deletions.
6 changes: 6 additions & 0 deletions docs/changelog.rst
@@ -1,6 +1,12 @@
Changelog
=========

4.0.1
-----

Set the default length of codes to 64. The setting ``NOPASSWORD_CODE_LENGTH`` is considered
deprecated.

4.0.0
-----

2 changes: 1 addition & 1 deletion docs/settings.rst
@@ -26,7 +26,7 @@ django-nopassword settings

.. attribute:: NOPASSWORD_CODE_LENGTH

Default: ``20``
Default: ``64``

The length of the code used to log people in.

4 changes: 2 additions & 2 deletions nopassword/models.py
@@ -31,15 +31,15 @@ def create_code_for_user(cls, user, next=None):
if not user.is_active:
return None

code = cls.generate_code(length=getattr(settings, 'NOPASSWORD_CODE_LENGTH', 20))
code = cls.generate_code(length=getattr(settings, 'NOPASSWORD_CODE_LENGTH', 64))
login_code = LoginCode(user=user, code=code)
if next is not None:
login_code.next = next
login_code.save()
return login_code

@classmethod
def generate_code(cls, length=20):
def generate_code(cls, length=64):
hash_algorithm = getattr(settings, 'NOPASSWORD_HASH_ALGORITHM', 'sha256')
m = getattr(hashlib, hash_algorithm)()
m.update(getattr(settings, 'SECRET_KEY', None).encode('utf-8'))
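Review bot: The deprecated setting is still honoured without any floor or warning at `getattr(settings, 'NOPASSWORD_CODE_LENGTH', 64)` in create_code_for_user, so a deployment that already sets a short value keeps issuing short login codes after upgrading and gets no signal that the setting is deprecated. Consider emitting a warning when the setting is present, e.g. `if hasattr(settings, 'NOPASSWORD_CODE_LENGTH'): warnings.warn('NOPASSWORD_CODE_LENGTH is deprecated', DeprecationWarning)`, and documenting a recommended minimum length. The literal 64 is also repeated in the `generate_code(cls, length=64)` signature; a single module-level constant would keep the two defaults from drifting apart. generate_code's body continues outside the hunk, so how `length` is applied to the digest cannot be checked here.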
2 changes: 1 addition & 1 deletion tests/test_backends.py
@@ -28,7 +28,7 @@ class TwilioBackendTests(TestCase):
def setUp(self):
self.user = get_user_model().objects.create(username='twilio_user')
self.code = LoginCode.create_code_for_user(self.user, next='/secrets/')
self.assertEqual(len(self.code.code), 20)
self.assertEqual(len(self.code.code), 64)
self.assertIsNotNone(authenticate(username=self.user.username, code=self.code.code))

@patch('nopassword.backends.sms.TwilioRestClient')
4 changes: 2 additions & 2 deletions tests/test_models.py
@@ -17,7 +17,7 @@ def setUp(self):
self.code = LoginCode.create_code_for_user(self.user)

def test_login_backend(self):
self.assertEqual(len(self.code.code), 20)
self.assertEqual(len(self.code.code), 64)
self.assertIsNotNone(authenticate(username=self.user.username, code=self.code.code))
self.assertIsNone(LoginCode.create_code_for_user(self.inactive_user))

@@ -29,7 +29,7 @@ def test_shorter_code(self):
@override_settings(NOPASSWORD_NUMERIC_CODES=True)
def test_numeric_code(self):
code = LoginCode.create_code_for_user(self.user)
self.assertEqual(len(code.code), 20)
self.assertEqual(len(code.code), 64)
self.assertTrue(code.code.isdigit())

def test_next_value(self):
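Review bot: The updated assertions in test_login_backend and test_numeric_code only exercise the default sha256 digest, whose hex form is exactly 64 characters, so they would not notice a code that comes out shorter than the requested length under another `NOPASSWORD_HASH_ALGORITHM`. If generate_code truncates the hex digest (its body is not visible on this page), an algorithm such as md5 yields only 32 hex characters and the new default of 64 could not be met. A case decorated with `@override_settings(NOPASSWORD_HASH_ALGORITHM='md5')` that asserts the resulting length would document the behaviour either way.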
