fix: replace random module with secrets for secure code generation in VerificationCode

This commit is contained in:
2026-05-26 12:02:36 +02:00
parent 4877e859bd
commit 1a73a9e373
+3 -2
View File
@@ -6,7 +6,8 @@ from django.contrib.auth.models import User, AbstractUser
from django.core.validators import MaxValueValidator from django.core.validators import MaxValueValidator
from django.utils.crypto import get_random_string from django.utils.crypto import get_random_string
from .vars import VAT_RATE, TRANSACTION_CODE_PREFIX, TRANSACTION_CODE_LENGTH, TRANSACTION_CODE_ALPHABET from .vars import VAT_RATE, TRANSACTION_CODE_PREFIX, TRANSACTION_CODE_LENGTH, TRANSACTION_CODE_ALPHABET
import random, string import secrets
import string
MAX_QUANTITY = 9999 MAX_QUANTITY = 9999
@@ -76,7 +77,7 @@ class VerificationCode(models.Model):
@staticmethod @staticmethod
def generate(user: User, code_mode: str) -> VerificationCode: def generate(user: User, code_mode: str) -> VerificationCode:
while True: while True:
code = "".join(random.choices(string.ascii_letters+string.digits, k=64)) code = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(64))
if not VerificationCode.objects.filter(code=code).exists(): if not VerificationCode.objects.filter(code=code).exists():
return VerificationCode.objects.create( return VerificationCode.objects.create(
code = code, code = code,