From b15facb6e4685cc20e18ca8e743fccf229708bd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
Date: Tue, 29 Mar 2022 18:40:52 +0200
Subject: [PATCH 1/2] Use secrets instead of random
---
 app/api/views/auth.py | 7 ++++---
 app/utils.py | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index 1adc2131..4dd57645 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -1,4 +1,5 @@
-import random
+import secrets
+import string
 import facebook
 import google.oauth2.credentials
@@ -102,7 +103,7 @@ def auth_register():
 Session.flush()
 # create activation code
- code = "".join([str(random.randint(0, 9)) for _ in range(6)])
+ code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
 AccountActivation.create(user_id=user.id, code=code)
 Session.commit()
@@ -194,7 +195,7 @@ def auth_reactivate():
 Session.commit()
 # create activation code
- code = "".join([str(random.randint(0, 9)) for _ in range(6)])
+ code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
 AccountActivation.create(user_id=user.id, code=code)
 Session.commit()
diff --git a/app/utils.py b/app/utils.py
index 71a87232..42418824 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -1,4 +1,5 @@
 import random
+import secrets
 import string
 import time
 import urllib.parse
@@ -27,7 +28,7 @@ def random_words():
 """Generate a random words. Used to generate user-facing string, for ex email addresses"""
 # nb_words = random.randint(2, 3)
 nb_words = 2
- return "_".join([random.choice(_words) for i in range(nb_words)])
+ return "_".join([secrets.choice(_words) for i in range(nb_words)])
 def random_string(length=10, include_digits=False):
@@ -36,7 +37,7 @@ def random_string(length=10, include_digits=False):
 if include_digits:
 letters += string.digits
- return "".join(random.choice(letters) for _ in range(length))
+ return "".join(secrets.choice(letters) for _ in range(length))
 def convert_to_id(s: str):
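Review bot: In `auth_register` (app/api/views/auth.py) the activation code is still only six decimal digits, so drawing it from `secrets` removes predictability but leaves a space of 10^6 values. Its resistance to guessing therefore rests on attempt limiting and expiry in the activation path, which this hunk does not show and which should be confirmed. `secrets.choice(string.digits)` already returns a `str`, so the `str()` wrapper and the list brackets are unnecessary: `code = "".join(secrets.choice(string.digits) for _ in range(6))`. The identical line is added in `auth_reactivate` in the next hunk, and a small shared helper would keep the two from drifting. Both functions continue outside their hunks.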
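Review bot: The commented-out line `# nb_words = random.randint(2, 3)` kept as context in `random_words` (app/utils.py) still refers to `random`, which the second patch of this series stops importing; it would be cleaner to delete it. The loop variable `i` is unused, so the return could read `return "_".join(secrets.choice(_words) for _ in range(nb_words))`, matching `random_string` below. The docstring says the result is used for user-facing strings such as email addresses; if those are expected to be hard to guess, it should note that two words give at most `len(_words) ** 2` combinations.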
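Review bot: With `random_string` (app/utils.py) now backed by `secrets`, callers may start treating it as a token generator, yet the default `length=10` is short for that purpose. The alphabet `letters` is defined outside the hunk; if it is the 26 ASCII letters of one case, the default yields roughly 47 bits. I would document this in the function's docstring, for example `Callers generating credentials or reset tokens should pass a larger length.`, and check the existing call sites that rely on the default.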
From 19e87a7156bf5449f9c5ed9899ebfcfa4d8929c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
Date: Tue, 29 Mar 2022 18:42:28 +0200
Subject: [PATCH 2/2] More random to secrets
---
 app/utils.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/app/utils.py b/app/utils.py
index 42418824..38fc96d6 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -1,4 +1,3 @@
-import random
 import secrets
 import string
 import time
@@ -17,7 +16,7 @@ with open(WORDS_FILE_PATH) as f:
 def random_word():
- return random.choice(_words)
+ return secrets.choice(_words)
 def word_exist(word):
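Review bot: `random_word` in app/utils.py has no docstring, and after this change its source of randomness is worth stating for callers; I would add `"""Return one entry of the word list, chosen with the secrets module."""`. `secrets.choice` raises `IndexError` on an empty sequence, so an empty words file would surface here at call time rather than at load. Whether the `with open(WORDS_FILE_PATH)` loader guards against that is outside the hunk.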