Added password generation routine to default DB

Author: nhr

.openshift/action_hooks/deploy

@@ -10,10 +10,11 @@ if [ ! -f $OPENSHIFT_DATA_DIR/sqlite3.db ]
 then
     echo "Copying $OPENSHIFT_REPO_DIR/wsgi/openshift/sqlite3.db to $OPENSHIFT_DATA_DIR"
     cp "$OPENSHIFT_REPO_DIR"wsgi/openshift/sqlite3.db $OPENSHIFT_DATA_DIR
+    python "$OPENSHIFT_REPO_DIR".openshift/action_hooks/secure_db.py
 else
     echo "Executing 'python $OPENSHIFT_REPO_DIR/wsgi/openshift/manage.py syncdb --noinput'"
     python "$OPENSHIFT_REPO_DIR"wsgi/openshift/manage.py syncdb --noinput
 fi
 
 echo "Executing 'python $OPENSHIFT_REPO_DIR/wsgi/openshift/manage.py collectstatic --noinput'"
-python "$OPENSHIFT_REPO_DIR"wsgi/openshift/manage.py collectstatic --noinput
+python "$OPENSHIFT_REPO_DIR"wsgi/openshift/manage.py collectstatic --noinput

.openshift/action_hooks/secure_db.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+import hashlib, imp, os, sqlite3
+
+# Load the openshift helper library
+lib_path      = os.environ['OPENSHIFT_REPO_DIR'] + 'wsgi/openshift/'
+modinfo       = imp.find_module('openshiftlibs', [lib_path])
+openshiftlibs = imp.load_module('openshiftlibs', modinfo[0], modinfo[1], modinfo[2])
+
+# Open the database
+conn = sqlite3.connect(os.environ['OPENSHIFT_DATA_DIR'] + '/sqlite3.db')
+c    = conn.cursor()
+
+# Grab the default security info
+c.execute('SELECT password FROM AUTH_USER WHERE id = 1')
+pw_info = c.fetchone()[0]
+
+# The password is stored as [hashtype]$[salt]$[hashed]
+pw_fields = pw_info.split("$")
+hashtype  = pw_fields[0]
+old_salt  = pw_fields[1]
+old_pass  = pw_fields[2]
+
+# Randomly generate a new password and a new salt
+# The PASSWORD value below just sets the length (12)
+# for the real new password.
+old_keys = { 'SALT': old_salt, 'PASS': '123456789ABC' }
+use_keys = openshiftlibs.openshift_secure(old_keys)
+
+# Encrypt the new password
+new_salt    = use_keys['SALT']
+new_pass    = use_keys['PASS']
+new_hashed  = hashlib.sha1(new_salt + new_pass).hexdigest()
+new_pw_info = "$".join([hashtype,new_salt,new_hashed])
+
+# Update the database
+c.execute('UPDATE AUTH_USER SET password = ? WHERE id = 1', [new_pw_info])
+conn.commit()
+c.close()
+conn.close()
+
+# Print the new password info
+print "CLIENT_MESSAGE: The password for user 'admin' in your Django app is " + new_pass + " ...be sure to write this down as you will not see this message again.\n"

wsgi/openshift/openshiftlibs.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 import hashlib, inspect, os, random, sys
 
-# Gets the secret token provided by OpenShift 
+# Gets the secret token provided by OpenShift
 # or generates one (this is slightly less secure, but good enough for now)
 def get_openshift_secret_token():
     token = os.getenv('OPENSHIFT_SECRET_TOKEN')
@@ -28,7 +28,7 @@ def openshift_secure(default_keys, secure_function = 'make_secure_key'):
 
     # Only generate random values if on OpenShift
     my_list  = default_keys
-    
+
     if my_token is not None:
         # Loop over each default_key and set the new value
         for key, value in default_keys.iteritems():
@@ -62,8 +62,11 @@ def make_secure_key(key_info):
 	hashcode = key_info['hash']
 	key      = key_info['variable']
 	original = key_info['original']
-	
-	chars = '0123456789abcdef'
+
+	chars  = '0123456789'
+	chars += 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
+	chars += '!@#%^&*()'
+	chars += '-_ []{}<>~`+=,.;:/?|'
 
 	# Use the hash to seed the RNG
 	random.seed(int("0x" + hashcode[:8], 0))