fix: Increase default length of login codes

relekang · relekang · commit d02a40edfded · 2019-04-02T07:41:21.000+02:00
diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -1,6 +1,12 @@
 Changelog
 =========
 
+4.0.1
+-----
+
+Set the default length of codes to 64. The setting ``NOPASSWORD_CODE_LENGTH`` is considered
+deprecated.
+
 4.0.0
 -----
 
diff --git a/docs/settings.rst b/docs/settings.rst
@@ -26,7 +26,7 @@ django-nopassword settings
 
 .. attribute:: NOPASSWORD_CODE_LENGTH
 
-    Default: ``20``
+    Default: ``64``
 
     The length of the code used to log people in.
 
diff --git a/nopassword/models.py b/nopassword/models.py
@@ -31,15 +31,15 @@ def create_code_for_user(cls, user, next=None):
         if not user.is_active:
             return None
 
-        code = cls.generate_code(length=getattr(settings, 'NOPASSWORD_CODE_LENGTH', 20))
+        code = cls.generate_code(length=getattr(settings, 'NOPASSWORD_CODE_LENGTH', 64))
         login_code = LoginCode(user=user, code=code)
         if next is not None:
             login_code.next = next
         login_code.save()
         return login_code
 
     @classmethod
-    def generate_code(cls, length=20):
+    def generate_code(cls, length=64):
         hash_algorithm = getattr(settings, 'NOPASSWORD_HASH_ALGORITHM', 'sha256')
         m = getattr(hashlib, hash_algorithm)()
         m.update(getattr(settings, 'SECRET_KEY', None).encode('utf-8'))
diff --git a/tests/test_backends.py b/tests/test_backends.py
@@ -28,7 +28,7 @@ class TwilioBackendTests(TestCase):
     def setUp(self):
         self.user = get_user_model().objects.create(username='twilio_user')
         self.code = LoginCode.create_code_for_user(self.user, next='/secrets/')
-        self.assertEqual(len(self.code.code), 20)
+        self.assertEqual(len(self.code.code), 64)
         self.assertIsNotNone(authenticate(username=self.user.username, code=self.code.code))
 
     @patch('nopassword.backends.sms.TwilioRestClient')
diff --git a/tests/test_models.py b/tests/test_models.py
@@ -17,7 +17,7 @@ def setUp(self):
         self.code = LoginCode.create_code_for_user(self.user)
 
     def test_login_backend(self):
-        self.assertEqual(len(self.code.code), 20)
+        self.assertEqual(len(self.code.code), 64)
         self.assertIsNotNone(authenticate(username=self.user.username, code=self.code.code))
         self.assertIsNone(LoginCode.create_code_for_user(self.inactive_user))
 
@@ -29,7 +29,7 @@ def test_shorter_code(self):
     @override_settings(NOPASSWORD_NUMERIC_CODES=True)
     def test_numeric_code(self):
         code = LoginCode.create_code_for_user(self.user)
-        self.assertEqual(len(code.code), 20)
+        self.assertEqual(len(code.code), 64)
         self.assertTrue(code.code.isdigit())
 
     def test_next_value(self):
