nikdoof/test-auth
1
0
Fork 0
mirror of https://github.com/nikdoof/test-auth.git synced 2025-12-15 15:22:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Dont use settings secretkey for password resets

Browse Source
This commit is contained in:
Andrew Williams
2010-03-24 11:10:30 +00:00
parent f47917ac26
commit 87bb8e37fb
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sso/services/jabber/xmppclient.py
View File

@@ -2,7 +2,6 @@ import time
import xmpp import xmpp
import random import random
import hashlib import hashlib
import settings
class JabberAdmin(): class JabberAdmin():
""" Adds a jabber user to a remote Jabber server """ """ Adds a jabber user to a remote Jabber server """
@@ -128,7 +127,7 @@ class JabberAdmin():
except: except:
return False return False
pass = hashlib.sha1('%s%s%s' % (username, settings.SECRET_KEY, random.randint(0, 2147483647))).hexdigest() pass = hashlib.sha1('%s%s%s' % (username, random.randint(0, 2147483647))).hexdigest()
if self.resetpassword(username, pass): if self.resetpassword(username, pass):
return self.kickuser(username) return self.kickuser(username)
else: else: