fix: replace random module with secrets for secure code generation in VerificationCode
This commit is contained in:
+3
-2
@@ -6,7 +6,8 @@ from django.contrib.auth.models import User, AbstractUser
|
|||||||
from django.core.validators import MaxValueValidator
|
from django.core.validators import MaxValueValidator
|
||||||
from django.utils.crypto import get_random_string
|
from django.utils.crypto import get_random_string
|
||||||
from .vars import VAT_RATE, TRANSACTION_CODE_PREFIX, TRANSACTION_CODE_LENGTH, TRANSACTION_CODE_ALPHABET
|
from .vars import VAT_RATE, TRANSACTION_CODE_PREFIX, TRANSACTION_CODE_LENGTH, TRANSACTION_CODE_ALPHABET
|
||||||
import random, string
|
import secrets
|
||||||
|
import string
|
||||||
|
|
||||||
MAX_QUANTITY = 9999
|
MAX_QUANTITY = 9999
|
||||||
|
|
||||||
@@ -76,7 +77,7 @@ class VerificationCode(models.Model):
|
|||||||
@staticmethod
|
@staticmethod
|
||||||
def generate(user: User, code_mode: str) -> VerificationCode:
|
def generate(user: User, code_mode: str) -> VerificationCode:
|
||||||
while True:
|
while True:
|
||||||
code = "".join(random.choices(string.ascii_letters+string.digits, k=64))
|
code = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(64))
|
||||||
if not VerificationCode.objects.filter(code=code).exists():
|
if not VerificationCode.objects.filter(code=code).exists():
|
||||||
return VerificationCode.objects.create(
|
return VerificationCode.objects.create(
|
||||||
code = code,
|
code = code,
|
||||||
|
|||||||
Reference in New Issue
Block a user