zulip/zerver/lib/initial_password.py

23 lines
879 B
Python
Raw Normal View History

import base64
import hashlib
from typing import Optional
from django.conf import settings
def initial_password(email: str) -> Optional[str]:
"""Given an email address, returns the initial password for that account, as
created by populate_db."""
if settings.INITIAL_PASSWORD_SALT is not None:
# We check settings.DEVELOPMENT, not settings.PRODUCTION,
# because some tests mock settings.PRODUCTION and then use
# self.login, which will call this function.
assert settings.DEVELOPMENT, "initial_password_salt should not be set in production."
encoded_key = (settings.INITIAL_PASSWORD_SALT + email).encode()
digest = hashlib.sha256(encoded_key).digest()
return base64.b64encode(digest)[:16].decode()
else:
# None as a password for a user tells Django to set an unusable password
return None