From 386a378c5db9d539cc3db0bb01027e3e5d711342 Mon Sep 17 00:00:00 2001 From: Nicholas Charriere Date: Sun, 1 Jul 2018 10:19:56 -0700 Subject: [PATCH 1/2] Add prefix to memcache --- snappass/main.py | 8 +++++--- tests.py | 4 ++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/snappass/main.py b/snappass/main.py index 399d4c5..128ebd9 100644 --- a/snappass/main.py +++ b/snappass/main.py @@ -13,13 +13,13 @@ from werkzeug.urls import url_unquote_plus SNEAKY_USER_AGENTS = ('Slackbot', 'facebookexternalhit', 'Twitterbot', - 'Facebot', 'WhatsApp', 'SkypeUriPreview', - 'Iframely') + 'Facebot', 'WhatsApp', 'SkypeUriPreview', 'Iframely') SNEAKY_USER_AGENTS_RE = re.compile('|'.join(SNEAKY_USER_AGENTS)) NO_SSL = os.environ.get('NO_SSL', False) TOKEN_SEPARATOR = '~' +# Initialize Flask Application app = Flask(__name__) if os.environ.get('DEBUG'): app.debug = True @@ -27,6 +27,7 @@ app.secret_key = os.environ.get('SECRET_KEY', 'Secret Key') app.config.update( dict(STATIC_URL=os.environ.get('STATIC_URL', 'static'))) +# Initialize Redis if os.environ.get('MOCK_REDIS'): from mockredis import mock_strict_redis_client redis_client = mock_strict_redis_client() @@ -38,6 +39,7 @@ else: redis_db = os.environ.get('SNAPPASS_REDIS_DB', 0) redis_client = redis.StrictRedis( host=redis_host, port=redis_port, db=redis_db) +REDIS_PREFIX = os.environ.get('REDIS_PREFIX', 'snappass') TIME_CONVERSION = {'week': 604800, 'day': 86400, 'hour': 3600} @@ -97,7 +99,7 @@ def set_password(password, ttl): Returns a token comprised of the key where the encrypted password is stored, and the decryption key. """ - storage_key = uuid.uuid4().hex + storage_key = REDIS_PREFIX + uuid.uuid4().hex encrypted_password, encryption_key = encrypt(password) redis_client.setex(storage_key, ttl, encrypted_password) encryption_key = encryption_key.decode('utf-8') diff --git a/tests.py b/tests.py index 3788238..a2be23d 100644 --- a/tests.py +++ b/tests.py 
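Review bot: `REDIS_PREFIX` is read from the environment with no validation at `REDIS_PREFIX = os.environ.get('REDIS_PREFIX', 'snappass')`, yet the `set_password` hunk makes it part of the storage key that the docstring says is returned inside the token. A prefix containing `TOKEN_SEPARATOR` (`~`) would give `token.split(TOKEN_SEPARATOR)` more than the two fragments tests.py expects, so links would be issued that presumably cannot be parsed back (the parsing code is outside this patch). Failing fast at startup avoids that: `if TOKEN_SEPARATOR in REDIS_PREFIX: raise ValueError('REDIS_PREFIX must not contain TOKEN_SEPARATOR')`. Since tests.py requests the key as a URL path (`'/{0}'.format(key)`), restricting the prefix to URL-safe characters is worth considering too.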
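Review bot: `storage_key = REDIS_PREFIX + uuid.uuid4().hex` puts the Redis namespace into the token handed to users, so the prefix is disclosed in every shared link and the namespace is only as strong as whatever the read path does with a token-supplied key. That read path is outside this patch; if it hands the key from the token to Redis unchanged, lookups are not confined to this application's keys on a Redis shared with other clients, which is the very case the prefix targets. Keeping the token key as the bare `uuid.uuid4().hex` and prepending the prefix at both the write and the read (`redis_client.setex(REDIS_PREFIX + storage_key, ttl, encrypted_password)`) would confine both sides, or else the read should reject keys that fail `storage_key.startswith(REDIS_PREFIX)`. A delimiter between prefix and id, as in `REDIS_PREFIX + ':'`, would also make the namespace boundary unambiguous. `set_password` continues past the end of this hunk.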
@@ -37,7 +37,7 @@ class SnapPassTestCase(TestCase): token_fragments = token.split(snappass.TOKEN_SEPARATOR) self.assertEqual(2, len(token_fragments)) redis_key, encryption_key = token_fragments - self.assertEqual(32, len(redis_key)) + self.assertEqual(32 + len(snappass.REDIS_PREFIX), len(redis_key)) try: Fernet(encryption_key.encode('utf-8')) except ValueError: @@ -130,7 +130,7 @@ class SnapPassRoutesTestCase(TestCase): ] for ua in a_few_sneaky_bots: - rv = self.app.get('/{0}'.format(key), headers={ 'User-Agent': ua }) + rv = self.app.get('/{0}'.format(key), headers={'User-Agent': ua}) self.assertEqual(404, rv.status_code) From 76962f8d8c1fe99507ccbe1b6cfcee7225f28b7d Mon Sep 17 00:00:00 2001 From: Nicholas Charriere Date: Sun, 1 Jul 2018 10:25:55 -0700 Subject: [PATCH 2/2] Add REDIS_PREFIX documentation --- README.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 2504f20..ef0391e 100644 --- a/README.rst +++ b/README.rst @@ -68,7 +68,7 @@ Configuration You can configure the following via environment variables. -`SECRET_KEY` this should be a unique key that's used to sign key. This should +`SECRET_KEY` unique key that's used to sign key. This should be kept secret. See the `Flask Documentation`__ for more information. .. __: http://flask.pocoo.org/docs/quickstart/#sessions 
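Review bot: The updated assertion `self.assertEqual(32 + len(snappass.REDIS_PREFIX), len(redis_key))` in the first tests.py hunk checks only the key's length, so it would still pass if the prefix were appended, truncated or replaced by other characters of the same length. Adding `self.assertTrue(redis_key.startswith(snappass.REDIS_PREFIX))` pins the actual contract, and a case with a non-default prefix would cover the configured path. The test method starts before this hunk and continues after it.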
@@ -88,7 +88,9 @@ need to change this. `SNAPPASS_REDIS_DB` is the database that you want to use on this redis server. Defaults to db 0 -`REDIS_URL` is optional and, if set, will be used instead of `REDIS_HOST`, `REDIS_PORT`, and `SNAPPASS_REDIS_DB` to configure the Redis client object. For example: redis://username:password@localhost:6379/0 +`REDIS_URL` (optional) will be used instead of `REDIS_HOST`, `REDIS_PORT`, and `SNAPPASS_REDIS_DB` to configure the Redis client object. For example: redis://username:password@localhost:6379/0 + +`REDIS_PREFIX` (optional, defaults to `"snappass"`) prefix used on redis keys to prevent collisions with other potential clients Docker ------