Merge pull request #87 from pinterest/prefix-redis

Add prefix to redis

Author: nichochar

README.rst

@@ -68,7 +68,7 @@ Configuration
 
 You can configure the following via environment variables.
 
-`SECRET_KEY` this should be a unique key that's used to sign key.  This should
+`SECRET_KEY` unique key that's used to sign key. This should
 be kept secret.  See the `Flask Documentation`__ for more information.
 
 .. __: http://flask.pocoo.org/docs/quickstart/#sessions
@@ -88,7 +88,9 @@ need to change this.
 
 `SNAPPASS_REDIS_DB` is the database that you want to use on this redis server. Defaults to db 0
 
-`REDIS_URL` is optional and, if set, will be used instead of `REDIS_HOST`, `REDIS_PORT`, and `SNAPPASS_REDIS_DB` to configure the Redis client object. For example: redis://username:password@localhost:6379/0
+`REDIS_URL` (optional) will be used instead of `REDIS_HOST`, `REDIS_PORT`, and `SNAPPASS_REDIS_DB` to configure the Redis client object. For example: redis://username:password@localhost:6379/0
+
+`REDIS_PREFIX` (optional, defaults to `"snappass"`) prefix used on redis keys to prevent collisions with other potential clients
 
 Docker
 ------

snappass/main.py

@@ -13,20 +13,21 @@
 
 
 SNEAKY_USER_AGENTS = ('Slackbot', 'facebookexternalhit', 'Twitterbot',
-                      'Facebot', 'WhatsApp', 'SkypeUriPreview',
-                      'Iframely')
+                      'Facebot', 'WhatsApp', 'SkypeUriPreview', 'Iframely')
 SNEAKY_USER_AGENTS_RE = re.compile('|'.join(SNEAKY_USER_AGENTS))
 NO_SSL = os.environ.get('NO_SSL', False)
 TOKEN_SEPARATOR = '~'
 
 
+# Initialize Flask Application
 app = Flask(__name__)
 if os.environ.get('DEBUG'):
     app.debug = True
 app.secret_key = os.environ.get('SECRET_KEY', 'Secret Key')
 app.config.update(
     dict(STATIC_URL=os.environ.get('STATIC_URL', 'static')))
 
+# Initialize Redis
 if os.environ.get('MOCK_REDIS'):
     from mockredis import mock_strict_redis_client
     redis_client = mock_strict_redis_client()
@@ -38,6 +39,7 @@
     redis_db = os.environ.get('SNAPPASS_REDIS_DB', 0)
     redis_client = redis.StrictRedis(
         host=redis_host, port=redis_port, db=redis_db)
+REDIS_PREFIX = os.environ.get('REDIS_PREFIX', 'snappass')
 
 TIME_CONVERSION = {'week': 604800, 'day': 86400, 'hour': 3600}
 
@@ -97,7 +99,7 @@ def set_password(password, ttl):
     Returns a token comprised of the key where the encrypted password
     is stored, and the decryption key.
     """
-    storage_key = uuid.uuid4().hex
+    storage_key = REDIS_PREFIX + uuid.uuid4().hex
     encrypted_password, encryption_key = encrypt(password)
     redis_client.setex(storage_key, ttl, encrypted_password)
     encryption_key = encryption_key.decode('utf-8')

tests.py

@@ -37,7 +37,7 @@ def test_returned_token_format(self):
         token_fragments = token.split(snappass.TOKEN_SEPARATOR)
         self.assertEqual(2, len(token_fragments))
         redis_key, encryption_key = token_fragments
-        self.assertEqual(32, len(redis_key))
+        self.assertEqual(32 + len(snappass.REDIS_PREFIX), len(redis_key))
         try:
             Fernet(encryption_key.encode('utf-8'))
         except ValueError:
@@ -130,7 +130,7 @@ def test_bots_denial(self):
         ]
 
         for ua in a_few_sneaky_bots:
-            rv = self.app.get('/{0}'.format(key), headers={ 'User-Agent': ua })
+            rv = self.app.get('/{0}'.format(key), headers={'User-Agent': ua})
             self.assertEqual(404, rv.status_code)