20344324773

Committed 18 Dec 2025 04:46PM UTC coverage: 93.715% (-0.7%) from 94.409%

Build # 20344324773

Build Type

Pull #188

github

Committed by

web-flow

Commit Message

Merge 63b6cf916 into ba7ca24e4

Pull Request Pull Request #188: feat(client): A few improvements to clients

Run Details

66 of 72 branches covered (91.67%)

Branch coverage included in aggregate %.

34 of 44 new or added lines in 5 files covered. (77.27%)

4 existing lines in 2 files now uncovered.

1291 of 1376 relevant lines covered (93.82%)

0.94 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

68.57

/scram/shared/shared_code.py

"""A Module for defining shared code."""

import secrets
import string


def make_random_password(length: int = 20, min_digits: int = 5, max_attempts: int = 10000) -> str:
    """make_random_password replaces the deprecated django make_random_password function.

    Generates a random password of a specified length containing at least a specified number of digits using the
    official python best practices and some additional sanity checks. The python docs for this can be found at
    https://docs.python.org/3/library/secrets.html#recipes-and-best-practices. Note that generating long passwords
    with a high number of digits (>100) is inefficient and should be avoided. This password should only be used for
    temporary purposes, such as for a user to log in to the web interface and change their password.

    Args:
        length (int, optional): The total length of the password to generate. Defaults to 20.
        min_digits (int, optional): The minimum number of digits the password needs. Defaults to 5.
        max_attempts (int, optional): The maximum number of attempts to generate a valid password. Defaults to 10000.

    Raises:
        ValueError: Password length must be at least 1
        ValueError: min_digits cannot be negative
        ValueError: min_digits cannot exceed password length
        ValueError: For performance reasons, min_digits cannot exceed 30% of the password length
        RuntimeError: Failed to generate a valid password after max_attempts attempts

    Returns:
        password (str): The generated password.
    """
    if length < 1:
        message = "Password length must be at least 1"
        raise ValueError(message)
    if min_digits < 0:
        message = "min_digits cannot be negative"
        raise ValueError(message)
    if min_digits > length:
        message = "min_digits cannot exceed password length"
        raise ValueError(message)
    # Only allow a somewhat arbitrary threshold of 30% of the password length for min_digits, for performance reasons.
    if min_digits > length * 0.3:
        message = "For performance reasons, min_digits cannot exceed 30% of the password length"
        raise ValueError(message)

    alphabet = string.ascii_letters + string.digits

    for _attempt in range(max_attempts):
        password = "".join(secrets.choice(alphabet) for _i in range(length))
        if (
            any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and sum(c.isdigit() for c in password) >= min_digits
        ):
            return password

    # If we reached this point, we failed to generate a valid password after max_attempts attempts, likely due to the
    # required password length being very long and the min_digits being high.
    message = f"Failed to generate a valid password after {max_attempts} attempts"
    raise RuntimeError(message)


def get_client_ip(request) -> str | None:
    """Get the client's IP address from the request.

    Checks the HTTP_X_FORWARDED_FOR header first, then falls back to REMOTE_ADDR.

    Returns:
        IP address from the client
    """
    x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
    if x_forwarded_for:
        ip = x_forwarded_for.split(",")[0]
    else:
        ip = request.META.get("REMOTE_ADDR")
    return ip

1	"""A Module for defining shared code."""
2
3	import secrets	1✔
4	import string	1✔
5
6
7	def make_random_password(length: int = 20, min_digits: int = 5, max_attempts: int = 10000) -> str:	1✔
8	"""make_random_password replaces the deprecated django make_random_password function.
9
10	Generates a random password of a specified length containing at least a specified number of digits using the
11	official python best practices and some additional sanity checks. The python docs for this can be found at
12	https://docs.python.org/3/library/secrets.html#recipes-and-best-practices. Note that generating long passwords
13	with a high number of digits (>100) is inefficient and should be avoided. This password should only be used for
14	temporary purposes, such as for a user to log in to the web interface and change their password.
15
16	Args:
17	length (int, optional): The total length of the password to generate. Defaults to 20.
18	min_digits (int, optional): The minimum number of digits the password needs. Defaults to 5.
19	max_attempts (int, optional): The maximum number of attempts to generate a valid password. Defaults to 10000.
20
21	Raises:
22	ValueError: Password length must be at least 1
23	ValueError: min_digits cannot be negative
24	ValueError: min_digits cannot exceed password length
25	ValueError: For performance reasons, min_digits cannot exceed 30% of the password length
26	RuntimeError: Failed to generate a valid password after max_attempts attempts
27
28	Returns:
29	password (str): The generated password.
30	"""
31	if length < 1:	1✔
32	message = "Password length must be at least 1"	×
33	raise ValueError(message)	×
34	if min_digits < 0:	1✔
35	message = "min_digits cannot be negative"	×
36	raise ValueError(message)	×
37	if min_digits > length:	1✔
38	message = "min_digits cannot exceed password length"	×
39	raise ValueError(message)	×
40	# Only allow a somewhat arbitrary threshold of 30% of the password length for min_digits, for performance reasons.
41	if min_digits > length * 0.3:	1✔
42	message = "For performance reasons, min_digits cannot exceed 30% of the password length"	×
43	raise ValueError(message)	×
44
45	alphabet = string.ascii_letters + string.digits	1✔
46
47	for _attempt in range(max_attempts):	1✔
48	password = "".join(secrets.choice(alphabet) for _i in range(length))	1✔
49	if (	1✔
50	any(c.islower() for c in password)
51	and any(c.isupper() for c in password)
52	and sum(c.isdigit() for c in password) >= min_digits
53	):
54	return password	1✔
55
56	# If we reached this point, we failed to generate a valid password after max_attempts attempts, likely due to the
57	# required password length being very long and the min_digits being high.
58	message = f"Failed to generate a valid password after {max_attempts} attempts"	×
59	raise RuntimeError(message)	×
60
61
62	def get_client_ip(request) -> str \| None:	1✔
63	"""Get the client's IP address from the request.
64
65	Checks the HTTP_X_FORWARDED_FOR header first, then falls back to REMOTE_ADDR.
66
67	Returns:
68	IP address from the client
69	"""
70	x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")	1✔
71	if x_forwarded_for:	1✔
NEW 72	ip = x_forwarded_for.split(",")[0]	×
73	else:
74	ip = request.META.get("REMOTE_ADDR")	1✔
75	return ip	1✔

esnet-security / SCRAM / 20344324773

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous