zulip/zerver/lib/initial_password.py

import base64
import hashlib

from django.conf import settings


def initial_password(email: str) -> str | None:
    """Given an email address, returns the initial password for that account, as
    created by populate_db."""

    if settings.INITIAL_PASSWORD_SALT is not None:
        # We check settings.DEVELOPMENT, not settings.PRODUCTION,
        # because some tests mock settings.PRODUCTION and then use
        # self.login, which will call this function.
        assert settings.DEVELOPMENT, "initial_password_salt should not be set in production."
        encoded_key = (settings.INITIAL_PASSWORD_SALT + email).encode()
        digest = hashlib.sha256(encoded_key).digest()
        return base64.b64encode(digest)[:16].decode()
    else:
        # None as a password for a user tells Django to set an unusable password
        return None
Create accounts with passwords which are deterministic but hard to guess (from the outside) (imported from commit 964610fec6c4690c1e881f2bab252296663c819a) 2012-10-10 16:59:59 +02:00			`import base64`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00			`import hashlib`
Annotate debug.py, initial_password.py, narrow.py, response.py. Also, fixed up the annotations for tornadoviews to better align with how narrows was defined as `Iterable[Sequence[str]]` rather than `List[Tuple[str, str]]`. 2016-06-04 20:38:42 +02:00
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00			`from django.conf import settings`

Annotate debug.py, initial_password.py, narrow.py, response.py. Also, fixed up the annotations for tornadoviews to better align with how narrows was defined as `Iterable[Sequence[str]]` rather than `List[Tuple[str, str]]`. 2016-06-04 20:38:42 +02:00
ruff: Fix UP007 Use `X \| Y` for type annotations. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2024-07-12 02:30:23 +02:00			`def initial_password(email: str) -> str \| None:`
Create accounts with passwords which are deterministic but hard to guess (from the outside) (imported from commit 964610fec6c4690c1e881f2bab252296663c819a) 2012-10-10 16:59:59 +02:00			`"""Given an email address, returns the initial password for that account, as`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`created by populate_db."""`
Create accounts with passwords which are deterministic but hard to guess (from the outside) (imported from commit 964610fec6c4690c1e881f2bab252296663c819a) 2012-10-10 16:59:59 +02:00
Only create initial passwords for local dev setups (imported from commit 2ef33ebbab0fe21486acbb1a3a78ed434abac2db) 2013-11-12 18:20:05 +01:00			`if settings.INITIAL_PASSWORD_SALT is not None:`
initial_password: Add explicit development environment assertion. The construction of INITIAL_PASSWORD_SALT is such that it should only be set in development environments, but we should enforce this rule. 2022-03-21 18:28:18 +01:00			`# We check settings.DEVELOPMENT, not settings.PRODUCTION,`
			`# because some tests mock settings.PRODUCTION and then use`
			`# self.login, which will call this function.`
			`assert settings.DEVELOPMENT, "initial_password_salt should not be set in production."`
python: Remove default "utf8" argument for encode(), decode(). Partially generated by pyupgrade. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-08-02 23:20:39 +02:00			`encoded_key = (settings.INITIAL_PASSWORD_SALT + email).encode()`
python3: Add missing utf-8 encoding/decoding in various places. 2016-01-24 05:18:35 +01:00			`digest = hashlib.sha256(encoded_key).digest()`
python: Remove default "utf8" argument for encode(), decode(). Partially generated by pyupgrade. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-08-02 23:20:39 +02:00			`return base64.b64encode(digest)[:16].decode()`
Only create initial passwords for local dev setups (imported from commit 2ef33ebbab0fe21486acbb1a3a78ed434abac2db) 2013-11-12 18:20:05 +01:00			`else:`
			`# None as a password for a user tells Django to set an unusable password`
python3: Add missing utf-8 encoding/decoding in various places. 2016-01-24 05:18:35 +01:00			`return None`