mirror of
https://github.com/simple-login/app.git
synced 2024-11-17 14:16:47 +08:00
Merge pull request #864 from simple-login/ac/insecure-random
Replace using random with secrets for security purposes
This commit is contained in:
Son Nguyen Kim
GitHub
commit
d561bae7dd
2 changed files with 8 additions and 7 deletions
|
|
@ -1,4 +1,5 @@
|
|||
import random
|
||||
import secrets
|
||||
import string
|
||||
|
||||
import facebook
|
||||
import google.oauth2.credentials
|
||||
|
|
@ -102,7 +103,7 @@ def auth_register():
|
|||
Session.flush()
|
||||
|
||||
# create activation code
|
||||
code = "".join([str(random.randint(0, 9)) for _ in range(6)])
|
||||
code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
|
||||
AccountActivation.create(user_id=user.id, code=code)
|
||||
Session.commit()
|
||||
|
||||
|
|
@ -195,7 +196,7 @@ def auth_reactivate():
|
|||
Session.commit()
|
||||
|
||||
# create activation code
|
||||
code = "".join([str(random.randint(0, 9)) for _ in range(6)])
|
||||
code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
|
||||
AccountActivation.create(user_id=user.id, code=code)
|
||||
Session.commit()
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
import random
|
||||
import secrets
|
||||
import string
|
||||
import time
|
||||
import urllib.parse
|
||||
|
|
@ -16,7 +16,7 @@ with open(WORDS_FILE_PATH) as f:
|
|||
|
||||
|
||||
def random_word():
|
||||
return random.choice(_words)
|
||||
return secrets.choice(_words)
|
||||
|
||||
|
||||
def word_exist(word):
|
||||
|
|
@ -27,7 +27,7 @@ def random_words():
|
|||
"""Generate a random words. Used to generate user-facing string, for ex email addresses"""
|
||||
# nb_words = random.randint(2, 3)
|
||||
nb_words = 2
|
||||
return "_".join([random.choice(_words) for i in range(nb_words)])
|
||||
return "_".join([secrets.choice(_words) for i in range(nb_words)])
|
||||
|
||||
|
||||
def random_string(length=10, include_digits=False):
|
||||
|
|
@ -36,7 +36,7 @@ def random_string(length=10, include_digits=False):
|
|||
if include_digits:
|
||||
letters += string.digits
|
||||
|
||||
return "".join(random.choice(letters) for _ in range(length))
|
||||
return "".join(secrets.choice(letters) for _ in range(length))
|
||||
|
||||
|
||||
def convert_to_id(s: str):
|
||||
|
|
|
|||
Loading…
Reference in a new issue