[MERGE] Forward-port of latest bugfixes from saas-3 up to cc5860fbcf

addons/auth_crypt/auth_crypt.py

@@ -5,7 +5,8 @@ from passlib.context import CryptContext
 import openerp
 from openerp.osv import fields, osv
 
-openerp.addons.base.res.res_users.USER_PRIVATE_FIELDS.append('password_crypt')
+from openerp.addons.base.res import res_users
+res_users.USER_PRIVATE_FIELDS.append('password_crypt')
 
 _logger = logging.getLogger(__name__)
 

addons/auth_signup/res_users.py

@@ -35,7 +35,7 @@ class SignupError(Exception):
 def random_token():
     # the token has an entropy of about 120 bits (6 bits/char * 20 chars)
     chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
-    return ''.join(random.choice(chars) for i in xrange(20))
+    return ''.join(random.SystemRandom().choice(chars) for i in xrange(20))
 
 def now(**kwargs):
     dt = datetime.now() + timedelta(**kwargs)

addons/pad/pad.py

@@ -35,7 +35,7 @@ class pad_common(osv.osv_memory):
         pad["server"] = pad["server"].rstrip('/')
         # generate a salt
         s = string.ascii_uppercase + string.digits
-        salt = ''.join([s[random.randint(0, len(s) - 1)] for i in range(10)])
+        salt = ''.join([s[random.SystemRandom().randint(0, len(s) - 1)] for i in range(10)])
         #path
         # etherpad hardcodes pad id length limit to 50
         path = '-%s-%s' % (self._name, salt)

addons/share/wizard/share_wizard.py

@@ -47,7 +47,7 @@ DOMAIN_ALL = [(1, '=', 1)]
 # A good selection of easy to read password characters (e.g. no '0' vs 'O', etc.)
 RANDOM_PASS_CHARACTERS = 'aaaabcdeeeefghjkmnpqrstuvwxyzAAAABCDEEEEFGHJKLMNPQRSTUVWXYZ23456789'
 def generate_random_pass():
-    return ''.join(random.sample(RANDOM_PASS_CHARACTERS,10))
+    return ''.join(random.SystemRandom().sample(RANDOM_PASS_CHARACTERS,10))
 
 class share_wizard(osv.TransientModel):
     _name = 'share.wizard'