perf: 优化系统用户生成密码的复杂度 (#5648)

* perf: 优化系统用户生成密码的复杂度

* perf: 修改 common.random_string
Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: NBai <bugatti_it@163.com>

apps/assets/models/base.py

@@ -11,7 +11,7 @@ from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings
 
-from common.utils.common import timeit
+from common.utils import random_string
 from common.utils import (
     ssh_key_string_to_obj, ssh_key_gen, get_logger, lazyproperty
 )
@@ -205,8 +205,8 @@ class AuthMixin:
         self.save()
 
     @staticmethod
-    def gen_password():
-        return str(uuid.uuid4())
+    def gen_password(length=36):
+        return random_string(length, special_char=True)
 
     @staticmethod
     def gen_key(username):

apps/common/utils/__init__.py

@@ -7,3 +7,4 @@ from .encode import *
 from .http import *
 from .ipip import *
 from .crypto import *
+from .random import *

apps/common/utils/common.py

@@ -7,6 +7,8 @@ import logging
 import datetime
 import uuid
 from functools import wraps
+import string
+import random
 import time
 import ipaddress
 import psutil
@@ -191,14 +193,6 @@ def with_cache(func):
     return wrapper
 
 
-def random_string(length):
-    import string
-    import random
-    charset = string.ascii_letters + string.digits
-    s = [random.choice(charset) for i in range(length)]
-    return ''.join(s)
-
-
 logger = get_logger(__name__)
 
 

apps/common/utils/random.py

 # -*- coding: utf-8 -*-
 #
-import socket
 import struct
 import random
+import socket
+import string
+import secrets
+
+
+string_punctuation = '!#$%&()*+,-.:;<=>?@[]^_{}~'
 
 
 def random_datetime(date_start, date_end):
@@ -14,6 +19,29 @@ def random_ip():
     return socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff)))
 
 
+def random_string(length, lower=True, upper=True, digit=True, special_char=False):
+    chars = string.ascii_letters
+    if digit:
+        chars += string.digits
+
+    while True:
+        password = list(random.choice(chars) for i in range(length))
+        if upper and not any(c.upper() for c in password):
+            continue
+        if lower and not any(c.lower() for c in password):
+            continue
+        if digit and not any(c.isdigit() for c in password):
+            continue
+        break
+
+    if special_char:
+        spc = random.choice(string_punctuation)
+        i = random.choice(range(len(password)))
+        password[i] = spc
+
+    password = ''.join(password)
+    return password
+
 
 # def strTimeProp(start, end, prop, fmt):
 #     time_start = time.mktime(time.strptime(start, fmt))

apps/users/models/user.py

@@ -18,7 +18,7 @@ from django.shortcuts import reverse
 
 from orgs.utils import current_org
 from orgs.models import OrganizationMember, Organization
-from common.utils import date_expired_default, get_logger, lazyproperty
+from common.utils import date_expired_default, get_logger, lazyproperty, random_string
 from common import fields
 from common.const import choices
 from common.db.models import ChoiceSet
@@ -387,7 +387,7 @@ class TokenMixin:
         cache_key = '%s_%s' % (self.id, remote_addr)
         token = cache.get(cache_key)
         if not token:
-            token = uuid.uuid4().hex
+            token = random_string(36)
         cache.set(token, self.id, expiration)
         cache.set('%s_%s' % (self.id, remote_addr), token, expiration)
         date_expired = timezone.now() + timezone.timedelta(seconds=expiration)