Added configuration options for some secret lengths

2026-05-07 15:34:02 +00:00 · 2016-08-03 00:17:11 +02:00
parent d976d8d26d
commit 221ce9f0ae
9 changed files with 36 additions and 6 deletions
--- a/src/pretix/base/migrations/0025_auto_20160802_2202.py
+++ b/src/pretix/base/migrations/0025_auto_20160802_2202.py
@@ -3,6 +3,7 @@
 from __future__ import unicode_literals

 from django.db import migrations, models
+
 import pretix.base.models.orders
 import pretix.base.models.vouchers

--- a/src/pretix/base/models/invoices.py
+++ b/src/pretix/base/models/invoices.py
@@ -8,7 +8,7 @@ from django.db.models import Max


 def invoice_filename(instance, filename: str) -> str:
-    secret = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(14))
+    secret = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(16))
    return 'invoices/{org}/{ev}/{ev}-{no:05d}-{code}-{secret}.pdf'.format(
        org=instance.event.organizer.slug, ev=instance.event.slug,
        no=instance.invoice_no, code=instance.order.code,
--- a/src/pretix/base/models/orders.py
+++ b/src/pretix/base/models/orders.py
@@ -4,6 +4,7 @@ import string
 from datetime import datetime
 from decimal import Decimal

+from django.conf import settings
 from django.db import models
 from django.utils.timezone import now
 from django.utils.translation import ugettext_lazy as _
@@ -21,7 +22,7 @@ def generate_secret():

 def generate_position_secret():
    # Exclude o,0,1,i,l to avoid confusion with bad fonts/printers
-    return ''.join(random.choice('abcdefghjkmnpqrstuvwxyz23456789') for _ in range(32))
+    return ''.join(random.choice('abcdefghjkmnpqrstuvwxyz23456789') for _ in range(settings.ENTROPY['ticket_secret']))


 class Order(LoggedModel):
@@ -193,7 +194,7 @@ class Order(LoggedModel):
    def assign_code(self):
        charset = list('ABCDEFGHKLMNPQRSTUVWXYZ23456789')
        while True:
-            code = "".join([random.choice(charset) for i in range(5)])
+            code = "".join([random.choice(charset) for i in range(settings.ENTROPY['order_code'])])
            if not Order.objects.filter(event=self.event, code=code).exists():
                self.code = code
                return
--- a/src/pretix/base/models/vouchers.py
+++ b/src/pretix/base/models/vouchers.py
@@ -1,5 +1,6 @@
 import random

+from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
@@ -13,7 +14,7 @@ from .orders import CartPosition, OrderPosition
 def generate_code():
    charset = list('ABCDEFGHKLMNPQRSTUVWXYZ23456789')
    while True:
-        code = "".join([random.choice(charset) for i in range(16)])
+        code = "".join([random.choice(charset) for i in range(settings.ENTROPY['voucher_code'])])
        if not Voucher.objects.filter(code=code).exists():
            return code

--- a/src/pretix/control/templates/pretixcontrol/vouchers/bulk.html
+++ b/src/pretix/control/templates/pretixcontrol/vouchers/bulk.html
@@ -17,7 +17,8 @@
                               id="voucher-bulk-codes-num"
                               placeholder="{% trans "Number" %}">
                        <div class="input-group-btn">
-                            <button class="btn btn-default" type="button" id="voucher-bulk-codes-generate">
+                            <button class="btn btn-default" type="button" id="voucher-bulk-codes-generate"
+                                data-length="{{ code_length }}">
                                {% trans "Generate random codes" %}
                            </button>
                        </div>
--- a/src/pretix/control/views/vouchers.py
+++ b/src/pretix/control/views/vouchers.py
@@ -1,3 +1,4 @@
+from django.conf import settings
 from django.contrib import messages
 from django.core.urlresolvers import resolve, reverse
 from django.db import transaction
@@ -202,3 +203,8 @@ class VoucherBulkCreate(EventPermissionRequiredMixin, CreateView):
            if response:
                form_class = response
        return form_class
+
+    def get_context_data(self, **kwargs):
+        ctx = super().get_context_data(**kwargs)
+        ctx['code_length'] = settings.ENTROPY['voucher_code']
+        return ctx
--- a/src/pretix/settings.py
+++ b/src/pretix/settings.py
@@ -135,6 +135,12 @@ if HAS_CELERY:

 SESSION_COOKIE_DOMAIN = config.get('pretix', 'cookie_domain', fallback=None)

+ENTROPY = {
+    'order_code': config.getint('entropy', 'order_code', fallback=5),
+    'ticket_secret': config.getint('entropy', 'ticket_secret', fallback=32),
+    'voucher_code': config.getint('entropy', 'voucher_code', fallback=16),
+}
+
 # Internal settings

 STATIC_ROOT = os.path.join(os.path.dirname(__file__), 'static.dist')
--- a/src/static/pretixcontrol/js/ui/main.js
+++ b/src/static/pretixcontrol/js/ui/main.js
@@ -57,7 +57,7 @@ $(function () {
    // Vouchers
    $("#voucher-bulk-codes-generate").click(function () {
        var charset = "ABCDEFGHKLMNPQRSTUVWXYZ23456789",
-            i = 0, j = 0, len = 16,
+            i = 0, j = 0, len = parseInt($(this).attr("data-length")),
            num = parseInt($("#voucher-bulk-codes-num").val()), text = "";
        for (j = 0; j < num; j++) {
            var key = [];