Rewrote _generate_password() so that generated passwords follow the NORDUnet security policy.

1 files changed, 26 insertions, 8 deletions

diff --git a/views.py b/views.py
index 46414b5..0d9b56a 100644
--- a/views.py
+++ b/views.py
@@ -3,6 +3,7 @@ from apps.changepw.models import ChangePasswordForm
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 import re
+import random
 # import your_pw_change_module
 
 def _change_password(request, user, new_password):
@@ -38,14 +39,31 @@ def _get_username(request):
     '''
     return request.user.username.split('@')[0]
 
-def _generate_password(n):
-    '''
-    Returns a psudo random string of lenght n.
-    http://code.activestate.com/recipes/576722-pseudo-random-string/
-    '''
-    import os, math
-    from base64 import b64encode
-    return b64encode(os.urandom(int(math.ceil(0.75*n))),'-_')[:n]
+#def _generate_password(n):
+#    '''
+#    Returns a psudo random string of lenght n.
+#    http://code.activestate.com/recipes/576722-pseudo-random-string/
+#    '''
+#    import os, math
+#    from base64 import b64encode
+#    return b64encode(os.urandom(int(math.ceil(0.75*n))),'-_')[:n]
+    
+def _generate_password(n, z=3):
+    '''
+    Returns a psudo random string of lenght n in accordance to the NORDUnet
+    security standard. z is the number of non-letters to include.
+    '''
+    letters = 'abcdefghijklmnopqrstuvwxyz'
+    others = '1234567890!#%&?+*-_.<>'
+    pw = []    
+    for i in range(0,n//2):
+        pw.append(random.choice(letters))
+        pw.append(random.choice(letters.upper()))
+    random.shuffle(pw)
+    pw = pw[:n]
+    for i in random.sample(range(0,n-1), z):
+        pw[i] = random.choice(others)
+    return ''.join(pw)
 
 def _select_template(request, s):
     '''