Disclaimer: this article is not a tutorial. My intent here is to discuss the process of identifying a problem and solving it.
Identifying a problem
I've been learning Python now for over 1 year and I've done all sorts of courses, tutorials, workshops etc., however I always felt something was missing. After reading some articles on PyBites I realised what it was: I had never built something myself. By the time these thoughts were on my mind, I had something bothering me a lot, but I had never done anything to resolve it. That's when the click happened: I had a problem I could easily solve by writing an app.
I currently work as an IT support analyst, a customer-facing role dealing with hundreds of thousands of devices all around the UK and Republic of Ireland and, as you may imagine, we work under pressure, complying with strict time constraints to meet the SLA targets. In this scenario, I use several applications to get my job done and each one of these needs a unique secure password that needs to be changed every month and these passwords must meet some criteria in order to keep a minimum complexity and, thus, be safe.
So, here's my problem: quite often, while I was taking a call from a customer, my password for a certain application would expire and I needed to create a new one, right there, right now. This is an error-prone situation, due to the fact that I needed to think about the password and still listen to the customer.
This annoying situation led me to a solution: I would certainly take advantage of an application that would automatically generate random passwords meeting the criteria I needed; also, to keep my applications safe, these passwords should never be stored anywhere in any recoverable format at all.
But how would it work? Would it be a desktop application or a web application? Why? What would I need to take into account in order to make a decision?
In terms of complexity, there's not much difference between them. If I opted for a desktop app, I could use Tkinter to create the GUI to support the application. This is a very nice package you can find in the Python Standard Library and it's worth taking a look and trying something with it. But there was an issue I further identified: I don't have admin credentials to access my work PC, so I wouldn't be able to install the program once I had it done. Also, my work PC runs on Windows 7, which is not supported by PyInstaller and I would possibly need to install something else before the program, which I can't.
So I moved on to the second possibility: a web app. This option has a lot of advantages. For instance, I could access this app from anywhere just using a web browser and I could easily share the app with my colleagues and show off just a little bit. Also, no need to install anything locally, just click on a link. Sounds perfect, yeah?
Approaching the problem
I needed then to make a decision regarding the tech stack. Obviously, Python was my first choice of a language, but I would also need to decide which framework to use. There are a few options, but let's consider the main ones: Flask and Django. To put it simply, Flask is a light-weight framework for web development and, due to its nature, it's more commonly used for simple applications. On the other hand, Django is super powerful, although heavier than Flask. Reading about both, I had the impression that the learning curve for Django would be steeper and I was anxious to put this project together and have a functional app deployed and live, so I decided to go with Flask. To get somewhat familiar with Flask, I watched this tutorial by Julian Sequeira and built the app proposed by him at the end of the course. Everything was fine and I felt like I was ready to start my own project.
If you've watched the tutorial above, Julian's final project is a BMI (body mass index) calculator. The user inputs their weight and height, the app does the calculation and returns the BMI value. But for my project, I had one extra layer of complexity: dealing with passwords requires a lot of precaution, as we cannot store the passwords generated, they must be genuinely random and one must never be able to recover these passwords from anywhere. There was no intention of taking inputs from the user, I just wanted the app to automatically generate a password and make it vanish when the app is closed. Luckily, Python is wonderful and there is a good library, package or module for everything you might need, and this is how I found out about the secrets module, part of the standard library. At first, I was tempted to use the random module, but I am a good boy and I did my research before starting to code, only to find out that the random module should not be used for security purposes, and that secrets should be used for security and cryptographic uses instead.
Reading through the documentation, I found a section for recipes and best practices regarding the use of secrets. From there, I took the inspiration to build the algorithm that governs how my application generates passwords. Let's have a look:
```python
# Generate a ten-character alphanumeric password with
# at least one lowercase character, at least one uppercase character,
# and at least three digits:
import string
import secrets

alphabet = string.ascii_letters + string.digits
while True:
    password = ''.join(secrets.choice(alphabet) for i in range(10))
    if (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and sum(c.isdigit() for c in password) >= 3):
        break
```
So there it is. We start by importing, of course, the secrets module and also the string module, which will be helpful to put a password together. Then we create the variable alphabet, which contains the set of characters that can be used in the password. The loop then starts to run. On each pass, the password variable is built from 10 characters picked at random from the alphabet, 10 being the chosen length for the password. The if statement then checks this candidate against the criteria: if at least one of the characters is lower case, another one is upper case and at least three of them are digits, the loop breaks and the password is ready. If any of the criteria is not met, the candidate is thrown away and the loop generates a new one. Very nice!
Due to different criteria requirements, I had to change my algorithm a bit to adapt and satisfy my needs, but the basics are there. You can check my code here.
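As an added example (not the author's code, which is only linked above), here is one way the recipe can be generalised to arbitrary per-class minimums, next to a counter-example showing why the random module is unsuitable. The POLICY values, the symbol set and the function names are assumptions made up for illustration.

```python
import random
import secrets
import string

# Hypothetical policy (an assumption, not the author's real criteria):
# character class -> minimum number of characters required from it.
POLICY = {
    string.ascii_lowercase: 2,
    string.ascii_uppercase: 2,
    string.digits: 2,
    "!@#$%^&*-_": 1,
}


def meets_policy(password, policy=POLICY):
    """True if every character class reaches its required minimum."""
    return all(
        sum(c in chars for c in password) >= minimum
        for chars, minimum in policy.items()
    )


def generate_password(length=12, policy=POLICY):
    """Return a policy-compliant password drawn from the OS CSPRNG."""
    # An unsatisfiable policy would make the retry loop spin forever.
    if sum(policy.values()) > length:
        raise ValueError("policy minimums exceed password length")
    alphabet = "".join(policy)  # all allowed characters
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps every compliant password equally likely.
        if meets_policy(candidate, policy):
            return candidate


def seeded_random_password(seed, length=12):
    """Counter-example: random is a deterministic PRNG, so anyone who
    knows or guesses the seed regenerates the same 'password'."""
    rng = random.Random(seed)
    alphabet = "".join(POLICY)
    return "".join(rng.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print(generate_password())
```

The up-front length check matters because the retry loop has no other exit: a policy that cannot be satisfied would otherwise hang the request that asked for the password.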
So that was the basic function of the app, but there was a lot more to be made in order to be able to deploy it. I am definitely not a front-end guy, so I decided to go with basic (like, REALLY basic) HTML and CSS (especially the latter). No fancy visuals. A black and white centered screen with a navbar, a brief description, instructions, the password generated and my contact. That's all I needed. It's there and it works. If anyone wants to help me improve the visuals, please contact me, we can do it together and add new features. I would love to learn from you and improve this little app I love so much.
The result of this app was safe passwords generated in the blink of an eye, colleagues using the app and myself happy with the job I've done all by myself.
This was the soundtrack for this article. Love it!
So, what is the take-away?
Well, I had never before built an app by myself. I know, I know, this is not a super application with multiple features and functionalities. It's simple. But it's my first, it's how I started. And, despite the fact it looks ugly, I'm very proud of it. And, above all, it solved a problem I had and still does.
To build this app I had to:
Learn about password security and how to approach it in Python;
Learn a new framework, at least a good fraction of it, in order to create routes, handle HTTP requests, transfer information from the back-end to the front-end, render templates and so on;
Struggle with some CSS styling - my nightmare;
After all of that, I had to learn how to deploy the app - this part proved to be the most difficult, whilst really interesting. This is what sparked me to become a DevOps enthusiast;
So, it's rewarding, isn't it? I have now at least one project I can showcase and discuss with potential employers and with the community. Also, it sparked in me the eagerness to build more and more.
I want to improve this app. I really want it to look better and I would also like to add new features, such as a "copy to clipboard" function. Also, I want to build a desktop version for it, so I can have a standalone version of this app installed locally on my machine. So, if you want to help me, you're welcome! Feel free to contact me on my email firstname.lastname@example.org so we can discuss!
What about you? Have you already kick started your first app? Leave me a comment! And if you don't want to miss my next articles, subscribe to my newsletter at the top of the page.