From 26225aff575e2fafd936323800b4585c16b61eb5 Mon Sep 17 00:00:00 2001
From: Jeremy Stretch
Date: Tue, 7 Mar 2017 22:56:29 -0500
Subject: [PATCH] Shorten key length to 20 bytes
---
 netbox/users/migrations/0001_api_tokens.py | 9 ++++++---
 netbox/users/models.py | 6 +++---
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/netbox/users/migrations/0001_api_tokens.py b/netbox/users/migrations/0001_api_tokens.py
index 0f0943925..3ab282277 100644
--- a/netbox/users/migrations/0001_api_tokens.py
+++ b/netbox/users/migrations/0001_api_tokens.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Generated by Django 1.10.6 on 2017-03-07 20:57
+# Generated by Django 1.10.6 on 2017-03-08 03:52
 from __future__ import unicode_literals
 
 from django.conf import settings
@@ -22,10 +22,13 @@ class Migration(migrations.Migration):
 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
 ('created', models.DateTimeField(auto_now_add=True)),
 ('expires', models.DateTimeField(blank=True, null=True)),
- ('key', models.CharField(max_length=64, unique=True)),
- ('write_enabled', models.BooleanField(default=True, help_text=b'Permit POST/PUT/DELETE operations using this key')),
+ ('key', models.CharField(max_length=40, unique=True)),
+ ('write_enabled', models.BooleanField(default=True, help_text=b'Permit create/update/delete operations using this key')),
 ('description', models.CharField(blank=True, max_length=100)),
 ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='tokens', to=settings.AUTH_USER_MODEL)),
 ],
+ options={
+ 'default_permissions': [],
+ },
 ),
 ]
diff --git a/netbox/users/models.py b/netbox/users/models.py
index 6c7608292..c3a2129e7 100644
--- a/netbox/users/models.py
+++ b/netbox/users/models.py
@@ -15,7 +15,7 @@ class Token(models.Model):
 user = models.ForeignKey(User, related_name='tokens', on_delete=models.CASCADE)
 created = models.DateTimeField(auto_now_add=True)
 expires = models.DateTimeField(blank=True, null=True)
- key = models.CharField(max_length=64, unique=True)
+ key = models.CharField(max_length=40, unique=True)
 write_enabled = models.BooleanField(default=True, help_text="Permit create/update/delete operations using this key")
 description = models.CharField(max_length=100, blank=True)
 
@@ -31,5 +31,5 @@ class Token(models.Model):
 return super(Token, self).save(*args, **kwargs)
 
 def generate_key(self):
- # Generate a random 256-bit key expressed in hexadecimal.
- return binascii.hexlify(os.urandom(32)).decode()
+ # Generate a random 160-bit key expressed in hexadecimal.
+ return binascii.hexlify(os.urandom(20)).decode()
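Review bot: The `key` field in the first models.py hunk caps the length at 40 but sets no floor, so a short, low-entropy value would be stored as a valid credential if a key can ever be supplied by a caller instead of coming from generate_key(). The save() body is outside the hunk, so whether that path exists is inferred, not shown. Adding `validators=[MinLengthValidator(40)]` to the field would reject short keys wherever model validation runs; note that a plain save() does not run validators. Separately, the column appears to hold the token itself rather than a digest, so read access to this table would yield working credentials; storing a hash of the key is worth considering as a follow-up.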
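Review bot: generate_key() in the second models.py hunk hard-codes 20 while the field definition hard-codes 40, and nothing ties the two together, so changing one without the other would silently produce keys that no longer fit or are shorter than intended. The comment should record that coupling and the randomness source, for example `# 20 bytes from os.urandom (OS CSPRNG) -> 40 hex chars; must equal Token.key max_length.`. A single class-level constant used by both the field and this method would remove the duplication. The Token class starts and ends outside the hunk.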