mirror of
https://github.com/simple-login/app.git
synced 2024-11-17 14:16:47 +08:00
Merge pull request #864 from simple-login/ac/insecure-random
Replace using random with secrets for security purposes
commit
d561bae7dd
2 changed files with 8 additions and 7 deletions
|
@ -1,4 +1,5 @@
|
||||||
import random
|
import secrets
|
||||||
|
import string
|
||||||
|
|
||||||
import facebook
|
import facebook
|
||||||
import google.oauth2.credentials
|
import google.oauth2.credentials
|
||||||
|
@ -102,7 +103,7 @@ def auth_register():
|
||||||
Session.flush()
|
Session.flush()
|
||||||
|
|
||||||
# create activation code
|
# create activation code
|
||||||
code = "".join([str(random.randint(0, 9)) for _ in range(6)])
|
code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
|
||||||
AccountActivation.create(user_id=user.id, code=code)
|
AccountActivation.create(user_id=user.id, code=code)
|
||||||
Session.commit()
|
Session.commit()
|
||||||
|
|
||||||
|
@ -195,7 +196,7 @@ def auth_reactivate():
|
||||||
Session.commit()
|
Session.commit()
|
||||||
|
|
||||||
# create activation code
|
# create activation code
|
||||||
code = "".join([str(random.randint(0, 9)) for _ in range(6)])
|
code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
|
||||||
AccountActivation.create(user_id=user.id, code=code)
|
AccountActivation.create(user_id=user.id, code=code)
|
||||||
Session.commit()
|
Session.commit()
|
||||||
|
|
||||||
|
|
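Review bot: The activation code built in auth_register, and by the identical line in auth_reactivate, still has only 10^6 possible values, so drawing it from `secrets` makes the generator unpredictable but does not make the code hard to guess. Whatever checks the code needs an attempt limit and an expiry on the AccountActivation record; neither is visible in these hunks, so it is worth confirming rather than assuming. The `str()` call is redundant because `secrets.choice(string.digits)` already returns a one-character string: `code = "".join(secrets.choice(string.digits) for _ in range(6))`. Both functions start and end outside the hunks, and the duplicated line could move into one shared helper so the code length is defined in a single place.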
|
@ -1,4 +1,4 @@
|
||||||
import random
|
import secrets
|
||||||
import string
|
import string
|
||||||
import time
|
import time
|
||||||
import urllib.parse
|
import urllib.parse
|
||||||
|
@ -16,7 +16,7 @@ with open(WORDS_FILE_PATH) as f:
|
||||||
|
|
||||||
|
|
||||||
def random_word():
|
def random_word():
|
||||||
return random.choice(_words)
|
return secrets.choice(_words)
|
||||||
|
|
||||||
|
|
||||||
def word_exist(word):
|
def word_exist(word):
|
||||||
|
@ -27,7 +27,7 @@ def random_words():
|
||||||
"""Generate a random words. Used to generate user-facing string, for ex email addresses"""
|
"""Generate a random words. Used to generate user-facing string, for ex email addresses"""
|
||||||
# nb_words = random.randint(2, 3)
|
# nb_words = random.randint(2, 3)
|
||||||
nb_words = 2
|
nb_words = 2
|
||||||
return "_".join([random.choice(_words) for i in range(nb_words)])
|
return "_".join([secrets.choice(_words) for i in range(nb_words)])
|
||||||
|
|
||||||
|
|
||||||
def random_string(length=10, include_digits=False):
|
def random_string(length=10, include_digits=False):
|
||||||
|
@ -36,7 +36,7 @@ def random_string(length=10, include_digits=False):
|
||||||
if include_digits:
|
if include_digits:
|
||||||
letters += string.digits
|
letters += string.digits
|
||||||
|
|
||||||
return "".join(random.choice(letters) for _ in range(length))
|
return "".join(secrets.choice(letters) for _ in range(length))
|
||||||
|
|
||||||
|
|
||||||
def convert_to_id(s: str):
|
def convert_to_id(s: str):
|
||||||
|
|
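Review bot: The commented-out line `# nb_words = random.randint(2, 3)` in random_words now names a module whose top-of-file import this commit replaces, so uncommenting it would presumably raise NameError, and restoring the import would bring back the non-cryptographic generator. Either delete the comment or rewrite it as `# nb_words = 2 + secrets.randbelow(2)`. In the same function the loop variable `i` is unused and reads better as `_`, as random_string already does. The docstrings could also say that these helpers draw from `secrets`, so callers know which generator backs them; random_string's body starts outside the hunk, so it may already say so.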