Don't just rely on random for UserPersonConfirmation keys

It looks like we're getting identical keys generated for confirmation
keys. Problem has been reported to django, but in the meantime, salt
with the user and email details, then sha1 to give the final key.

This requires an increase in the field size for key, migration script
included.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

diff --git a/apps/patchwork/models.py b/apps/patchwork/models.py
index 226a69c3a4037d64afbb3684189a2d446df8d3a5..e516be29d6730664f0a027248d9ec56dcfb9222e 100644 (file)
--- a/apps/patchwork/models.py
+++ b/apps/patchwork/models.py
@@ -129,35 +129,6 @@ class UserProfile(models.Model):
     def __str__(self):
         return self.name()
 
-def _confirm_key():
-    allowedchars = string.ascii_lowercase + string.digits
-    str = ''
-    for i in range(1, 32):
-        str += random.choice(allowedchars)
-    return str;
-
-class UserPersonConfirmation(models.Model):
-    user = models.ForeignKey(User)
-    email = models.CharField(max_length = 200)
-    key = models.CharField(max_length = 32, default = _confirm_key)
-    date = models.DateTimeField(default=datetime.datetime.now)
-    active = models.BooleanField(default = True)
-
-    def confirm(self):
-        if not self.active:
-            return
-        person = None
-        try:
-            person = Person.objects.get(email = self.email)
-        except Exception:
-            pass
-        if not person:
-            person = Person(email = self.email)
-
-        person.link_to_user(self.user)
-        person.save()
-        self.active = False
-
 class State(models.Model):
     name = models.CharField(max_length = 100)
     ordering = models.IntegerField(unique = True)
@@ -316,3 +287,33 @@ class Bundle(models.Model):
         return '\n'.join([p.mbox().as_string(True) \
                         for p in self.patches.all()])
 
+class UserPersonConfirmation(models.Model):
+    user = models.ForeignKey(User)
+    email = models.CharField(max_length = 200)
+    key = HashField()
+    date = models.DateTimeField(default=datetime.datetime.now)
+    active = models.BooleanField(default = True)
+
+    def confirm(self):
+        if not self.active:
+            return
+        person = None
+        try:
+            person = Person.objects.get(email = self.email)
+        except Exception:
+            pass
+        if not person:
+            person = Person(email = self.email)
+
+        person.link_to_user(self.user)
+        person.save()
+        self.active = False
+
+    def save(self):
+        max = 1 << 32
+        if self.key == '':
+            str = '%s%s%d' % (self.user, self.email, random.randint(0, max))
+            self.key = self._meta.get_field('key').construct(str).hexdigest()
+        super(UserPersonConfirmation, self).save()
+
+

diff --git a/lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql b/lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql
new file mode 100644 (file)
index 0000000..fa10fba
--- /dev/null
+++ b/lib/sql/migration/002-extend-userpersonconfirmation-key-length.sql
@@ -0,0 +1,4 @@
+BEGIN;
+ALTER TABLE patchwork_userpersonconfirmation
+        ALTER COLUMN key TYPE char(40);
+COMMIT;