gendummydata: employ a salted hash for users

As of Python updates, we are no longer considering rows with empty salts to be legacy hashes. Update gendummydata.py to generate salts for the legacy passwords it uses with salt rounds = 4. Signed-off-by: Kevin Morris <kevr@0cost.org>
2025-02-03 10:43:03 +01:00 · 2021-06-25 16:17:38 -07:00 · 2021-06-25 16:17:38 -07:00 · 201a04ffb9
commit 201a04ffb9
parent d95e4ec443
1 changed files with 12 additions and 4 deletions
--- a/schema/gendummydata.py
+++ b/schema/gendummydata.py
@ -16,6 +16,8 @@ import random
 import sys
 import time

+import bcrypt
+
 LOG_LEVEL = logging.DEBUG  # logging level. set to logging.INFO to reduce output
 SEED_FILE = "/usr/share/dict/words"
 USER_ID = 5            # Users.ID of first bogus user
@ -182,11 +184,17 @@ for u in user_keys:
            #
            pass

+    # For dummy data, we just use 4 salt rounds.
+    salt = bcrypt.gensalt(rounds=4).decode()
+
+    # "{salt}{username}"
+    to_hash = f"{salt}{u}"
+
    h = hashlib.new('md5')
-    h.update(u.encode())
-    s = ("INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd)"
-         " VALUES (%d, %d, '%s', '%s@example.com', '%s');\n")
-    s = s % (seen_users[u], account_type, u, u, h.hexdigest())
+    h.update(to_hash.encode())
+    s = ("INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd, Salt)"
+         " VALUES (%d, %d, '%s', '%s@example.com', '%s', '%s');\n")
+    s = s % (seen_users[u], account_type, u, u, h.hexdigest(), salt)
    out.write(s)

 log.debug("Number of developers: %d" % len(developers))