diff --git a/nsupdate/main/models.py b/nsupdate/main/models.py
index 9434f5d..a4e5b22 100644
--- a/nsupdate/main/models.py
+++ b/nsupdate/main/models.py
@@ -39,7 +39,6 @@ class Domain(models.Model):
 class Host(models.Model):
- """TODO: hash update_secret on save (if not already hashed)"""
 #fqdn = models.CharField(max_length=256, unique=True, verbose_name="Fully qualified domain name")
 subdomain = models.CharField(max_length=256, validators=[
 RegexValidator(
@@ -48,7 +47,7 @@ class Host(models.Model):
 ),
 domain_blacklist_validator])
 domain = models.ForeignKey(Domain)
- update_secret = models.CharField(max_length=256)
+ update_secret = models.CharField(max_length=256) # gets hashed on save
 comment = models.CharField(max_length=256, default='', blank=True, null=True)
 last_update = models.DateTimeField(auto_now=True)
@@ -60,4 +59,3 @@ class Host(models.Model):
 class Meta:
 unique_together = (('subdomain', 'domain'),)
-
diff --git a/nsupdate/main/views.py b/nsupdate/main/views.py
index 01c8c51..36a8ee1 100644
--- a/nsupdate/main/views.py
+++ b/nsupdate/main/views.py
@@ -46,6 +46,7 @@ class OverviewView(CreateView):
 def form_valid(self, form):
 self.object = form.save(commit=False)
 self.object.created_by = self.request.user
+ # see comment in HostView about the quick hasher:
 self.object.update_secret = make_password(self.object.update_secret, hasher='sha1')
 self.object.save()
 messages.add_message(self.request, messages.SUCCESS, 'Host added.')
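Review bot: The new trailing comment on `update_secret` in models.py says the value "gets hashed on save", but nothing in this diff adds hashing to `Host.save()`; the only hashing visible is the `make_password(...)` call in the two `form_valid` methods in views.py. Any path that saves a `Host` without going through those views (the admin, a shell session, fixtures) would presumably store the secret in plain text while the comment tells the reader otherwise. I would word it as `# stored hashed; hashing happens in the views' form_valid, not in save()`, or move the hashing into the model so the comment becomes true. The `Host` class body continues outside this hunk, so a `save()` override may exist that the diff does not show.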
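Review bot: The rationale that the new comment in `OverviewView.form_valid` points to (spelled out in the `HostView.form_valid` hunk) justifies `hasher='sha1'` by server load and by clients sending the secret over plain http, but neither argument covers a leaked database, where a single salted SHA-1 pass lets every stored secret be guessed offline at high speed. A fast hash is only defensible when `update_secret` is a long random value generated by the server; if the form lets users type their own secret, that assumption does not hold. I would state the assumption in the comment, e.g. `# a fast hash is acceptable only because update_secret is a long random server-generated value`, and confirm that this is how secrets are created. The same call appears in both views, so a small shared helper would keep the hasher choice and its rationale in one place.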
@@ -73,6 +74,10 @@ class HostView(UpdateView):
 def form_valid(self, form):
 self.object = form.save(commit=False)
 self.object.created_by = self.request.user
+ # note: we use a quick hasher for the update_secret as expensive
+ # more modern hashes might put too much load on the servers. also
+ # many update clients might use http without ssl, so it is not too
+ # secure anyway.
 self.object.update_secret = make_password(self.object.update_secret, hasher='sha1')
 self.object.save()
 messages.add_message(self.request, messages.SUCCESS, 'Host updated.')
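Review bot: `HostView.form_valid` calls `make_password` on every successful update, so if the form carries `update_secret` pre-filled with the stored value, saving an unrelated change (say, the comment field) would hash the existing hash and silently invalidate the host's secret. The TODO removed from models.py mentioned "if not already hashed", which this code does not implement. I would guard the call with `if 'update_secret' in form.changed_data:` before the `make_password` line and leave the stored value alone otherwise. The form's field list is outside this hunk, so whether the secret field is exposed on update needs confirming.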