changeset 2031:56d8a8a14114

don't use a separate random string function in session.py
author Johannes Berg <johannes AT sipsolutions DOT net>
date Thu, 26 Apr 2007 13:09:02 +0200
parents 00f52826b5df
children cf883a6917ea
files MoinMoin/session.py MoinMoin/util/__init__.py
diffstat 2 files changed, 20 insertions(+), 19 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/session.py	Thu Apr 26 13:08:29 2007 +0200
+++ b/MoinMoin/session.py	Thu Apr 26 13:09:02 2007 +0200
@@ -13,8 +13,8 @@
 import Cookie
 from MoinMoin import caching
 from MoinMoin.user import User
-import random
-import time
+from MoinMoin.util import random_string
+import time, random
 
 class SessionData(object):
     """
@@ -231,18 +231,8 @@
 
 _MOIN_SESSION = 'MOIN_SESSION'
 
-_SECURITY_STRING_CHARS = 'abcdefghijklmnopqrstuvwxyz0123456789_-'
-
-def _generate_security_string(length):
-    """ generate a random length (length/2 .. length)
-        string with random content
-
-        @param length: the maximum length
-        @return: the random string
-    """
-    random_length = random.randint(length/2, length)
-    return ''.join([random.choice(_SECURITY_STRING_CHARS)
-                    for i in range(random_length)])
+_SESSION_NAME_CHARS = 'abcdefghijklmnopqrstuvwxyz0123456789_-'
+_SESSION_NAME_LEN = 32
 
 
 def _make_cookie(request, cookie_name, cookie_string, maxage, expires):
@@ -322,7 +312,8 @@
     if _MOIN_SESSION in cookie:
         session_name = cookie[_MOIN_SESSION].value
         session_name = ''.join([c for c in session_name
-                                if c in _SECURITY_STRING_CHARS])
+                                if c in _SESSION_NAME_CHARS])
+        session_name = session_name[:_SESSION_NAME_LEN]
     return session_name
 
 
@@ -376,7 +367,8 @@
                 store = hasattr(request.cfg, 'anonymous_cookie_lifetime')
                 sessiondata.is_stored = store
         else:
-            session_name = _generate_security_string(32)
+            session_name = random_string(_SESSION_NAME_LEN,
+                                         _SESSION_NAME_CHARS)
             store = hasattr(request.cfg, 'anonymous_cookie_lifetime')
             sessiondata = self.dataclass(request, session_name)
             sessiondata.is_new = True
--- a/MoinMoin/util/__init__.py	Thu Apr 26 13:08:29 2007 +0200
+++ b/MoinMoin/util/__init__.py	Thu Apr 26 13:09:02 2007 +0200
@@ -125,7 +125,16 @@
         self.buffer = None
 
 
-def random_string(length):
-    chars = ''.join([chr(random.randint(0, 255)) for dummy in xrange(length)])
-    return chars
+def random_string(length, allowed_chars=None):
+    """ Generate a random string with given length consisting
+        of the given characters.
 
+        @param length: length of the string
+        @param allowed_chars: string with allowed characters or None
+                              to indicate all 256 byte values should be used
+        @return: random string
+    """
+    if allowed_chars is None:
+        return ''.join([chr(random.randint(0, 255)) for dummy in xrange(length)])
+
+    return ''.join([random.choice(allowed_chars) for dummy in xrange(length)])