From ce7f4674a1ae162c2a4d8b28bd835a7da786d6bd Mon Sep 17 00:00:00 2001
From: janmax <j.michal@stud.uni-goettingen.de>
Date: Thu, 14 Dec 2017 10:50:22 +0100
Subject: [PATCH] Replacing word based passwords with totally random passwords Closes #29.
---
 Dockerfile | 3 ---
 util/factories.py | 15 +++++++--------
 2 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index bbb5fbb5..3a33f19c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,9 +17,6 @@ RUN apk update \
 && apk add --virtual build-deps gcc python3-dev musl-dev curl \
 && apk add --no-cache postgresql-dev
-RUN mkdir -p /usr/share/dict
-RUN curl -s https://gitlab.gwdg.de/snippets/51/raw --output /usr/share/dict/words
-
 WORKDIR /code
 COPY . /code
diff --git a/util/factories.py b/util/factories.py
index a4161cfd..e007428f 100644
--- a/util/factories.py
+++ b/util/factories.py
@@ -1,5 +1,6 @@
 import configparser
 import secrets
+import string
 from core.models import UserAccount as User
 from core.models import Reviewer, Student, Tutor
@@ -11,12 +12,10 @@ REVIEWERS = 'reviewers'
 PASSWORDS = '.importer_passwords'
-def get_xkcd_password(k=2):
- with open('/usr/share/dict/words') as words:
- choose_from = list({word.strip().lower()
- for word in words if 5 < len(word) < 8})
-
- return ''.join(secrets.choice(choose_from) for _ in range(k))
+def get_random_password(length=32):
+ """ Returns a cryptographically random string of specified length """
+ return ''.join(secrets.choice(string.ascii_lowercase)
+ for _ in range(length))
 def store_password(username, groupname, password):
@@ -35,7 +34,7 @@ def store_password(username, groupname, password):
 class GradyUserFactory:
 def __init__(self,
- password_generator_func=get_xkcd_password,
+ password_generator_func=get_random_password,
 password_storge=store_password,
 *args, **kwargs):
 self.password_generator_func = password_generator_func
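Review bot: `get_random_password` in the `@@ -11,12 +12,10 @@` hunk never validates `length`: `range(length)` with 0 or a negative value returns an empty password, and a small value returns one that is easy to guess, because the alphabet is only `string.ascii_lowercase` (roughly 4.7 bits per character). The default of 32 gives about 150 bits, so the exposure is in callers that override it, and the last hunk of this patch already calls the function with `k=1` to build names. I would give names their own helper and reject short passwords here, e.g. `if length < 16: raise ValueError('password length must be at least 16')`, and state the alphabet and the minimum length in the docstring.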
@@ -43,7 +42,7 @@ class GradyUserFactory:
 @staticmethod
 def _get_random_name(prefix='', suffix='', k=1):
- return ''.join((prefix, get_xkcd_password(k), suffix))
+ return ''.join((prefix, get_random_password(k), suffix))
 def _make_base_user(self, username, groupname, store_pw=False, **kwargs):
 """ This is a specific wrapper for the django update_or_create method of
--
GitLab
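Review bot: `_get_random_name` now passes `k` as a character count, so with the default `k=1` the random part of a name is a single lowercase letter, whereas `get_xkcd_password(k)` returned `k` dictionary words. That leaves 26 possible values per prefix/suffix pair, and the `_make_base_user` docstring visible below describes an update_or_create wrapper, so a repeated name may end up modifying an existing account rather than creating a new one (inferred; that method's body is outside the hunk). Give the name a length of its own, e.g. `return ''.join((prefix, get_random_password(max(k, 8)), suffix))`, and check the callers that pass `k` explicitly, since its meaning changed from words to characters.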