Merge pull request #864 from simple-login/ac/insecure-random

Replace using random with secrets for security purposes
This commit is contained in:
Son Nguyen Kim 2022-03-30 11:49:33 +07:00 committed by GitHub
commit d561bae7dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 7 deletions

View file

@ -1,4 +1,5 @@
import random
import secrets
import string
import facebook
import google.oauth2.credentials
@ -102,7 +103,7 @@ def auth_register():
Session.flush()
# create activation code
code = "".join([str(random.randint(0, 9)) for _ in range(6)])
code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
AccountActivation.create(user_id=user.id, code=code)
Session.commit()
@ -195,7 +196,7 @@ def auth_reactivate():
Session.commit()
# create activation code
code = "".join([str(random.randint(0, 9)) for _ in range(6)])
code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
AccountActivation.create(user_id=user.id, code=code)
Session.commit()

View file

@ -1,4 +1,4 @@
import random
import secrets
import string
import time
import urllib.parse
@ -16,7 +16,7 @@ with open(WORDS_FILE_PATH) as f:
def random_word():
return random.choice(_words)
return secrets.choice(_words)
def word_exist(word):
@ -27,7 +27,7 @@ def random_words():
"""Generate a random words. Used to generate user-facing string, for ex email addresses"""
# nb_words = random.randint(2, 3)
nb_words = 2
return "_".join([random.choice(_words) for i in range(nb_words)])
return "_".join([secrets.choice(_words) for i in range(nb_words)])
def random_string(length=10, include_digits=False):
@ -36,7 +36,7 @@ def random_string(length=10, include_digits=False):
if include_digits:
letters += string.digits
return "".join(random.choice(letters) for _ in range(length))
return "".join(secrets.choice(letters) for _ in range(length))
def convert_to_id(s: str):