Merge lp:~sil/desktopcouch/not-so-random into lp:desktopcouch

Proposed by Stuart Langridge
Status: Rejected
Rejected by: Elliot Murphy
Proposed branch: lp:~sil/desktopcouch/not-so-random
Merge into: lp:desktopcouch
Diff against target: None lines
To merge this branch: bzr merge lp:~sil/desktopcouch/not-so-random
Reviewer Review Type Date Requested Status
Elliot Murphy (community) Approve
Tim Cole (community) Approve
Review via email: mp+10654@code.launchpad.net

Commit message

Use SystemRandom for passwords/tokens where proper unpredictable randomness matters.

Stuart Langridge (sil) wrote :

Use SystemRandom for passwords/tokens where proper unpredictable randomness matters.

Tim Cole (tcole) :
review: Approve
Elliot Murphy (statik) :
review: Approve
Elliot Murphy (statik) wrote :

text conflict in desktopcouch/start_local_couchdb.py

Elliot Murphy (statik) wrote :

text conflict in desktopcouch/start_local_couchdb.py

Preview Diff

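--- a/data/couchdb.tmpl
+++ b/data/couchdb.tmpl
@@ -31,7 +31,7 @@
 come back to browse your CouchDB again.</p>
 <p>Don't bookmark the CouchDB page itself, because its location may change!</p>
 <p>Taking you to your Desktop CouchDB in <span>30</span> seconds...
-<a id="there" href="http://localhost:[[COUCHDB_PORT]]/_utils">take me
+<a id="there" href="http://[[COUCHDB_USERNAME]]:[[COUCHDB_PASSWORD]]@localhost:[[COUCHDB_PORT]]/_utils">take me
 there straight away from now on</a> (remember to bookmark this page first!)</p>
 </body>
 </html>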
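Review bot: The rewritten `href` on the `id="there"` link places `[[COUCHDB_USERNAME]]:[[COUCHDB_PASSWORD]]` in the URL's userinfo part, so the page rendered from this template holds the CouchDB admin credentials in plaintext, and a browser that follows or bookmarks the link will typically keep them in its history and bookmarks as well. That undercuts the point of storing the same secret in the keyring in `create_ini_file`. I would keep the link as `href="http://localhost:[[COUCHDB_PORT]]/_utils"` and let the browser's basic-auth prompt, or a helper that reads the keyring, supply the credentials. The two extra `replace` calls in `write_bookmark_file` in `desktopcouch/start_local_couchdb.py` would then go away.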
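--- a/desktopcouch/start_local_couchdb.py
+++ b/desktopcouch/start_local_couchdb.py
@@ -32,14 +32,16 @@
 """
 
 from __future__ import with_statement
-import os, subprocess, sys, glob
+import os, subprocess, sys, glob, random, string
 import desktopcouch
 from desktopcouch import local_files
 import xdg.BaseDirectory
 import errno
-import time
+import time, gtk, gnomekeyring
 from desktopcouch.records.server import CouchDatabase
 
+ACCEPTABLE_USERNAME_PASSWORD_CHARS = string.lowercase + string.uppercase
+
 def dump_ini(data, filename):
  """Dump INI data with sorted sections and keywords"""
  fd = open(filename, 'w')
@@ -56,18 +58,32 @@
 
 def create_ini_file():
  """Write CouchDB ini file if not already present"""
- # FIXME add update trigger folder
- #update_trigger_dir = [
- # 'lib', 'canonical', 'ubuntuone', 'cloud_server', 'update_triggers']
- #
- #timestamp_trigger = os.path.join(
- # *update_trigger_dir + ['timestamp_trigger.py'])
- #update_trigger = os.path.join(
- # *update_trigger_dir + ['update_trigger.py'])
-
  if os.path.exists(local_files.FILE_INI):
- return
-
+ # load the username and password from the keyring
+ try:
+ data = gnomekeyring.find_items_sync(gnomekeyring.ITEM_GENERIC_SECRET,
+ {'desktopcouch': 'basic'})
+ except gnomekeyring.NoMatchError:
+ data = None
+ if data:
+ username, password = data[0].secret.split(":")
+ return username, password
+ # otherwise fall through; for some reason the access details aren't
+ # in the keyring, so re-create the ini file and do it all again
+
+ # randomly generate tokens and usernames
+ def make_random_string(count):
+ return ''.join([
+ random.SystemRandom().choice(ACCEPTABLE_USERNAME_PASSWORD_CHARS)
+ for x in range(count)])
+
+ ADMIN_ACCOUNT_USERNAME = make_random_string(10)
+ ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD = make_random_string(10)
+ CONSUMER_KEY = make_random_string(10)
+ CONSUMER_SECRET = make_random_string(10)
+ TOKEN = make_random_string(10)
+ TOKEN_SECRET = make_random_string(10)
+
  local = {
  'couchdb': {
  'database_dir': local_files.DIR_DB,
@@ -81,9 +97,43 @@
  'file': local_files.FILE_LOG,
  'level': 'info',
  },
+ 'admins': {
+ ADMIN_ACCOUNT_USERNAME: ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD
+ },
+ 'oauth_consumer_secrets': {
+ CONSUMER_KEY: CONSUMER_SECRET
+ },
+ 'oauth_token_secrets': {
+ TOKEN: TOKEN_SECRET
+ },
+ 'oauth_token_users': {
+ TOKEN: ADMIN_ACCOUNT_USERNAME
+ },
+ 'couch_httpd_auth': {
+ 'require_valid_user': 'true'
+ }
  }
 
  dump_ini(local, local_files.FILE_INI)
+ # save admin account details in keyring
+ item_id = gnomekeyring.item_create_sync(
+ None,
+ gnomekeyring.ITEM_GENERIC_SECRET,
+ 'Desktop Couch user authentication',
+ {'desktopcouch': 'basic'},
+ "%s:%s" % (ADMIN_ACCOUNT_USERNAME, ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD),
+ True)
+ # and oauth tokens
+ item_id = gnomekeyring.item_create_sync(
+ None,
+ gnomekeyring.ITEM_GENERIC_SECRET,
+ 'Desktop Couch user authentication',
+ {'desktopcouch': 'oauth'},
+ "%s:%s:%s:%s" % (CONSUMER_KEY, CONSUMER_SECRET, TOKEN, TOKEN_SECRET),
+ True)
+
+
+ return (ADMIN_ACCOUNT_USERNAME, ADMIN_ACCOUNT_BASIC_AUTH_PASSWORD)
 
 def run_couchdb():
  """Actually start the CouchDB process"""
@@ -146,7 +196,7 @@
  # than inefficiently just overwriting it regardless
  db.add_view(view_name, mapjs, reducejs, dd_name)
 
-def write_bookmark_file():
+def write_bookmark_file(username, password):
  """Write out an HTML document that the user can bookmark to find their DB"""
  bookmark_file = os.path.join(local_files.DIR_DB, "couchdb.html")
 
@@ -182,21 +232,24 @@
  pass
  else:
  fp = open(bookmark_file, "w")
- fp.write(html.replace("[[COUCHDB_PORT]]", port))
+ out = html.replace("[[COUCHDB_PORT]]", port)
+ out = out.replace("[[COUCHDB_USERNAME]]", username)
+ out = out.replace("[[COUCHDB_PASSWORD]]", password)
+ fp.write(out)
  fp.close()
  print "Browse your desktop CouchDB at file://%s" % \
  os.path.realpath(bookmark_file)
 
 def start_couchdb():
  """Execute each step to start a desktop CouchDB"""
- create_ini_file()
+ username, password = create_ini_file()
  run_couchdb()
  # Note that we do not call update_design_documents here. This is because
  # Couch won't actually have started yet, so when update_design_documents
  # calls the Records API, that will call back into get_pid and we end up
  # starting Couch again. Instead, get_pid calls update_design_documents
  # *after* Couch startup has occurred.
- write_bookmark_file()
+ write_bookmark_file(username, password)
 
 
 if __name__ == "__main__":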
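Review bot: The ini file now carries the admin password and the OAuth secrets, and the bookmark page carries the admin password, yet both are still created with a plain `open(..., 'w')` (in `dump_ini` and at `fp = open(bookmark_file, "w")` in `write_bookmark_file`). Their mode is therefore left to the process umask, and they may be readable by other local users. Creating them owner-only closes that, e.g. `fd = os.fdopen(os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), 'w')` in `dump_ini`, plus `os.chmod(filename, 0600)` for a file that already exists with looser permissions. Separately, `create_ini_file` catches only `gnomekeyring.NoMatchError`; a locked or unavailable keyring would presumably raise a different error and abort startup, which deserves a handler or at least a comment. The bodies of `dump_ini` and `write_bookmark_file` extend outside the hunks shown.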
