Bug 54555 – General function to generate a password

Bug 54555 - General function to generate a password


Summary:	General function to generate a password

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	univention-lib
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-1-errata
Assigned To:	Nikola Radovanovic
QA Contact:	Dirk Wiesenthal

URL:
Keywords:

Depends on:
Blocks:	54438
	Show dependency tree / graph

Reported:	2022-03-15 17:31 CET by Dirk Wiesenthal
Modified:	2022-03-23 14:14 CET (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk Wiesenthal

2022-03-15 17:31:01 CET

We need a general function:

generate_function(...)

that automatically generates a password according to certain parameters. These parameters should be autoset by UCR

Comment 1 Philipp Hahn

2022-03-15 18:17:13 CET

(In reply to Dirk Wiesenthal from comment #0)
> generate_function(...)

bad name, maybe "generate_secret()" instead?

And is this for machine consumption (special characters and unusual casing are okay), or for humans to process (long list of human understandable words would be preferred)? See <https://xkcd.com/936/> for the difference.

And why another one as we already have:
- base/univention-lib/shell/base.sh:144:create_machine_password
- base/univention-lib/python/misc.py:39:def createMachinePassword():
- /usr/bin/makepasswd
- /usr/bin/pwgen
- base/univention-python/modules/password.py from epics/95-service-specific-passwords
- …

Comment 2 Julia Bremer

2022-03-15 18:28:01 CET

(In reply to Philipp Hahn from comment #1)
> (In reply to Dirk Wiesenthal from comment #0)

> And why another one as we already have:

> - /usr/bin/pwgen
> - base/univention-python/modules/password.py from
> epics/95-service-specific-passwords
> - …
This is the bug entry for exactly that method.

Comment 3 Florian Best

2022-03-16 09:41:26 CET

1. Jenkins shows some tracebacks in the tests:

Traceback (most recent call last):
  File "/usr/share/ucs-test/04_univention-lib/021_password_generation.py", line 377, in test_all_lowercase_exclude_a_and_b
    pwd = generate_password(**cfg)
  File "/usr/lib/python3/dist-packages/univention/password.py", line 258, in generate_password
    exclude_characters = set(forbidden_chars) | string.whitespace
TypeError: unsupported operand type(s) for |: 'set' and 'str'

Traceback (most recent call last):
  File "/usr/share/ucs-test/04_univention-lib/021_password_generation.py", line 155, in test_special_characters
    cfg = password_config(self.scope)
  File "/usr/lib/python3/dist-packages/univention/password.py", line 206, in password_config
    'digits': ucr.ucr.get_int('password/quality/credit/digits', 6),
AttributeError: 'dict' object has no attribute 'get_int'

2. Please transform this test into a unit test into the package univention-python. It doesn't have to be executed every night but only when code is changed and you build the package.

Comment 4 Nikola Radovanovic

2022-03-16 11:23:03 CET

(In reply to Florian Best from comment #3)
> 1. Jenkins shows some tracebacks in the tests:
> 
> Traceback (most recent call last):
>   File "/usr/share/ucs-test/04_univention-lib/021_password_generation.py",
> line 377, in test_all_lowercase_exclude_a_and_b
>     pwd = generate_password(**cfg)
>   File "/usr/lib/python3/dist-packages/univention/password.py", line 258, in
> generate_password
>     exclude_characters = set(forbidden_chars) | string.whitespace
> TypeError: unsupported operand type(s) for |: 'set' and 'str'
> 
> Traceback (most recent call last):
>   File "/usr/share/ucs-test/04_univention-lib/021_password_generation.py",
> line 155, in test_special_characters
>     cfg = password_config(self.scope)
>   File "/usr/lib/python3/dist-packages/univention/password.py", line 206, in
> password_config
>     'digits': ucr.ucr.get_int('password/quality/credit/digits', 6),
> AttributeError: 'dict' object has no attribute 'get_int'


Firs traceback is obvious: "join" set and string. As for second one, its a bit confusing (to me at least) since:

root@ucs-2074:~# python3
Python 3.7.3 (default, Jan 22 2021, 20:04:44)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import univention.config_registry as ucr
>>> ucr.ucr.get_int('password/quality/credit/digits', 66)
66
>>> quit()
root@ucs-2074:~# python2
Python 2.7.16 (default, Oct 10 2019, 22:02:15)
[GCC 8.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import univention.config_registry as ucr
>>> ucr.ucr.get_int('password/quality/credit/digits', 66)
66
>>> quit()

And I guess its reported just because its first of couple of similar that follows.

Comment 5 Philipp Hahn

2022-03-16 11:25:01 CET

(In reply to Nikola Radovanovic from comment #4)
> As for second one, its a bit confusing (to me at least) since:

The type annotation for `ucr.ucr` might be wrong: it should be `univention.config_registry.ConfigRegistry` instead of `Dict[str, str]`

Comment 6 Dirk Wiesenthal

2022-03-22 16:05:57 CET

Package: univention-python
Version: 13.0.2-12A~5.0.0.202203161356
Branch: ucs_5.0-0
Scope: errata5.0-1

Comment 7 Dirk Wiesenthal

2022-03-22 16:06:42 CET

functionality as requested: OK
documentation of UCRVs: OK
manual tests: OK
unit tests: OK

VERIFIED

Comment 8 Julia Bremer

2022-03-23 14:14:47 CET

<https://errata.software-univention.de/#/?erratum=5.0x258>