From 1a73a9e373966069691fec6812a364e48d897e17 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 26 May 2026 12:02:36 +0200 Subject: [PATCH] fix: replace random module with secrets for secure code generation in VerificationCode --- tienda/models.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tienda/models.py b/tienda/models.py index f91e6ee..16efa5d 100644 --- a/tienda/models.py +++ b/tienda/models.py @@ -6,7 +6,8 @@ from django.contrib.auth.models import User, AbstractUser from django.core.validators import MaxValueValidator from django.utils.crypto import get_random_string from .vars import VAT_RATE, TRANSACTION_CODE_PREFIX, TRANSACTION_CODE_LENGTH, TRANSACTION_CODE_ALPHABET -import random, string +import secrets +import string MAX_QUANTITY = 9999 @@ -76,7 +77,7 @@ class VerificationCode(models.Model): @staticmethod def generate(user: User, code_mode: str) -> VerificationCode: while True: - code = "".join(random.choices(string.ascii_letters+string.digits, k=64)) + code = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(64)) if not VerificationCode.objects.filter(code=code).exists(): return VerificationCode.objects.create( code = code,