diff --git a/docker/src/lemur.conf.py b/docker/src/lemur.conf.py index 3cc51792..4cb3ae0c 100644 --- a/docker/src/lemur.conf.py +++ b/docker/src/lemur.conf.py @@ -1,4 +1,7 @@ import os +import random +import string +import base64 from ast import literal_eval _basedir = os.path.abspath(os.path.dirname(__file__)) @@ -6,10 +9,20 @@ _basedir = os.path.abspath(os.path.dirname(__file__)) CORS = os.environ.get("CORS") == "True" debug = os.environ.get("DEBUG") == "True" -SECRET_KEY = repr(os.environ.get('SECRET_KEY','Hrs8kCDNPuT9vtshsSWzlrYW+d+PrAXvg/HwbRE6M3vzSJTTrA/ZEw==')) -LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET','YVKT6nNHnWRWk28Lra1OPxMvHTqg1ZXvAcO7bkVNSbrEuDQPABM0VQ==')) -LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS','Ls-qg9j3EMFHyGB_NL0GcQLI6622n9pSyGM_Pu0GdCo=')) +def get_random_secret(length): + secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4))) + secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4))) + secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4))) + return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4))) + + +SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8'))) + +LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET', + base64.b64encode(get_random_secret(32).encode('utf8')))) +LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS', + base64.b64encode(get_random_secret(32).encode('utf8')))) LEMUR_WHITELISTED_DOMAINS = [] diff --git a/lemur/tests/conf.py b/lemur/tests/conf.py index df0be16c..f1019d04 100644 --- a/lemur/tests/conf.py +++ b/lemur/tests/conf.py @@ -1,5 +1,6 @@ # This is just Python which means you can inherit and tweak settings +import base64 import os import random import string @@ -9,8 +10,10 @@ _basedir = os.path.abspath(os.path.dirname(__file__)) # generate random secrets for unittest def get_random_secret(length): - input_ascii = string.ascii_letters + string.digits - return ''.join(random.choice(input_ascii) for i in range(length)) + secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4))) + secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4))) + secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4))) + return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4))) THREADS_PER_PAGE = 8 @@ -23,12 +26,14 @@ debug = False TESTING = True -# this is the secret key used by flask session management -SECRET_KEY = "I/dVhOZNSMZMqrFJa5tWli6VQccOGudKerq3eWPMSzQNmHHVhMAQfQ==" +# this is the secret key used by flask session management (utf8 encoded) +SECRET_KEY = get_random_secret(length=32).encode('utf8') -# You should consider storing these separately from your config + +# You should consider storing these separately from your config (should be URL-safe) LEMUR_TOKEN_SECRET = "test" -LEMUR_ENCRYPTION_KEYS = "o61sBLNBSGtAckngtNrfVNd8xy8Hp9LBGDstTbMbqCY=" +LEMUR_ENCRYPTION_KEYS = base64.urlsafe_b64encode(get_random_secret(length=32).encode('utf8')) + # List of domain regular expressions that non-admin users can issue LEMUR_WHITELISTED_DOMAINS = [