Challenge length is now configurable

2020-05-12 13:53:39 +01:00 · 2020-05-12 13:53:39 +01:00 · 0ad15c6277
parent 7b024282e9
commit 0ad15c6277
5 changed files with 34 additions and 19 deletions
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@ -1,13 +1,6 @@
-=======
-Credits
-=======
-
-Development Lead
----------------
+============
+Contributors
+============

 * Gonçalo Valério <gon@ovalerio.net>
-
-Contributors
------------
-
 * Guy Willett - https://github.com/guywillett
--- a/README.rst
+++ b/README.rst
@ -40,7 +40,7 @@ Quickstart

    INSTALLED_APPS = (
        ...
-        'django_cryptolock.apps.DjangoCryptolockConfig',
+        "django_cryptolock.apps.DjangoCryptolockConfig",
        ...
    )

--- a/django_cryptolock/utils.py
+++ b/django_cryptolock/utils.py
@ -41,4 +41,5 @@ def verify_bitcoin_signature(

 def generate_challenge():
    """Generates a new random challenge for the authentication."""
-    return token_hex(8)
+    num_bytes = getattr(settings, "DJCL_CHALLENGE_BYTES", 16)
+    return token_hex(num_bytes)
--- a/docs/usage.rst
+++ b/docs/usage.rst
@ -8,7 +8,7 @@ To use Django-Cryptolock in a project, add it to your `INSTALLED_APPS`:

    INSTALLED_APPS = (
        ...
-        'django_cryptolock.apps.DjangoCryptolockConfig',
+        "django_cryptolock.apps.DjangoCryptolockConfig",
        ...
    )

@ -21,6 +21,9 @@ Now you should add the auth backend you wish to use on your project. You can use
        "django_cryptolock.backends.MoneroAddressBackend",
    ]

+Required Configuration
+----------------------
+
 If you use Monero, currently the following extra settings are required:

 .. code-block:: python
@ -37,6 +40,17 @@ For Bitcoin, you only need to set the ``DJCL_BITCOIN_NETWORK``:

    DJCL_BITCOIN_NETWORK = "mainnet"  # mainnet or testnet

+Optional Configuration
+----------------------
+
+``DJCL_CHALLENGE_BYTES`` can be used to customize the challenge length. The
+default is ``16`` and you should avoid lower values unless you know what you
+are doing.
+
+
+Using the default forms and views
+---------------------------------
+
 Add Django-Cryptolock's URL patterns:

 .. code-block:: python
@ -55,9 +69,9 @@ This will add 2 routes :
 * ``django_cryptolock:signup``
 * ``django_cryptolock:login``

-For usega within you templates. For specific auth pages you can create the
-template files (``login.html`` and ``signup.html``) under a
-``django_cryptolock`` subfolder.
+You can then customize the generated HTML by creating the template files
+(``login.html`` and ``signup.html``) under a ``django_cryptolock`` subfolder in
+your templates directory.

-Both of these templates will have access to a ``form```containing the required
+Both of these templates will have access to a ``form`` containing the required
 fields for the authentication.
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@ -4,6 +4,13 @@ from model_mommy import mommy
 from django_cryptolock.utils import generate_challenge


-def test_challenge_has_8_bytes():
+def test_challenge_has_default_byte_len():
    challenge = generate_challenge()
-    assert len(bytes.fromhex(challenge)) == 8
+    assert len(bytes.fromhex(challenge)) == 16
+
+
+@pytest.mark.parametrize("length", (8, 16, 32, 64))
+def test_challenge_has_custom_byte_len(length, settings):
+    settings.DJCL_CHALLENGE_BYTES = length
+    challenge = generate_challenge()
+    assert len(bytes.fromhex(challenge)) == length