From ede75316181b24190b63919b1eb79cd36a4480a8 Mon Sep 17 00:00:00 2001
From: Andrew Walker
Date: Wed, 22 Jan 2025 12:17:31 -0600
Subject: [PATCH] Make onetime password a little easier Insert dashes into password chunks for one-time passwords so that ``` 1_mLHJWwcR2EaxlGOLSuSDO88z ``` becomes ``` 1_mLHJWw-cR2Eax-lGOLSu-SDO88z ``` Which is simpler for end-users to read if required.
---
 src/middlewared/middlewared/alert/source/api_key.py | 2 +-
 src/middlewared/middlewared/utils/auth.py | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/middlewared/middlewared/alert/source/api_key.py b/src/middlewared/middlewared/alert/source/api_key.py
index 8bd950b273476..4af942c205679 100644
--- a/src/middlewared/middlewared/alert/source/api_key.py
+++ b/src/middlewared/middlewared/alert/source/api_key.py
@@ -10,7 +10,7 @@ class ApiKeyRevokedAlertClass(AlertClass, SimpleOneShotAlertClass):
 text = (
 "%(key_name)s: API key has been revoked and must either be renewed or deleted. "
 "Once the maintenance is complete, API client configuration must be updated to "
- "use the renwed API key."
+ "use the renewed API key."
 )
 async def create(self, args):
diff --git a/src/middlewared/middlewared/utils/auth.py b/src/middlewared/middlewared/utils/auth.py
index 639a583e375a5..2dd8998435e63 100644
--- a/src/middlewared/middlewared/utils/auth.py
+++ b/src/middlewared/middlewared/utils/auth.py
@@ -138,14 +138,15 @@ def generate_for_uid(self, uid: int) -> str:
 We store a sha512 hash of the plaintext for authentication purposes """
 with self.lock:
- plaintext = generate_string(string_size=24)
- keyhash = sha512_crypt(plaintext)
+ p = generate_string(string_size=24)
+ human_friendly = '-'.join([p[0:6], p[6:12], p[12:18], p[18:24]])
+ keyhash = sha512_crypt(human_friendly)
 expires = monotonic() + 86400
 entry = UserOnetimePassword(uid=uid, expires=expires, keyhash=keyhash)
 self.cnt += 1
 self.otpasswd[str(self.cnt)] = entry
- return f'{self.cnt}_{plaintext}'
+ return f'{self.cnt}_{human_friendly}'
 def authenticate(self, uid: int, plaintext: str) -> OTPWResponse:
 """ Check passkey matches plaintext string. """
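Review bot: The dashes become part of the credential here, because `sha512_crypt(human_friendly)` hashes the grouped string rather than `p`, so a user who retypes the password without separators will fail authentication even though the dashes carry no entropy. If the grouping is meant purely as a display aid, consider keeping `keyhash = sha512_crypt(p)` and stripping `-` from the submitted value before the comparison in `authenticate`, whose body is outside this hunk; that is only safe if `generate_string` can never emit `-`, which is not visible here. If the dashed form is intended to be canonical, the docstring line "We store a sha512 hash of the plaintext" should say that the separators are included in what is hashed. The fixed slices also tie the grouping to `string_size=24`; `'-'.join(p[i:i + 6] for i in range(0, len(p), 6))` would follow the length if it ever changes. `generate_for_uid` begins above the hunk, so the rest of its docstring was not reviewed.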