diff --git a/.github/workflows/docker-no-push.yml b/.github/workflows/docker-no-push.yml index 13bfeea..a1b12b6 100644 --- a/.github/workflows/docker-no-push.yml +++ b/.github/workflows/docker-no-push.yml @@ -14,13 +14,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout del código - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Configurar Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: '3.14' - name: Configurar uv - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@d0d8abe699bfb85fec6de9f7adb5ae17292296ff # v6 - name: Instalar dependencias run: | uv sync --no-dev --no-install-project @@ -38,13 +38,13 @@ jobs: steps: - name: Checkout del código - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Configurar Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - name: Build (sin push) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 with: context: . push: false diff --git a/tienda/tasks.py b/tienda/tasks.py index 480b9d9..48a030b 100644 --- a/tienda/tasks.py +++ b/tienda/tasks.py @@ -4,7 +4,8 @@ from django.template.loader import render_to_string from django.core.mail import EmailMessage from .utilities import send_email, send_hemail from .vars import login_message, verify_message -import random, string +import secrets +import string from . import pdf from .models import User, VerificationCode @@ -43,7 +44,7 @@ def enviar_correo_confirmacion(id: int): code = VerificationCode.objects.create( user = usuario, code_mode = VerificationCode.VerificationModes.VERIFY_ACCOUNT, - code = ''.join(random.choices(string.digits, k=12)) + code = ''.join(secrets.choice(string.digits) for _ in range(12)) ) message = verify_message.format(name = usuario.get_full_name(), protocol = settings.PROTOCOL, domain = settings.DOMAIN, code = code.code) @@ -60,7 +61,7 @@ def enviar_correo_recuperacion(email: str): ver_code = VerificationCode.objects.create( code_mode = VerificationCode.VerificationModes.RESET_PASSWORD, user = usuario, - code = ''.join(random.choices(string.digits, k=12)) + code = ''.join(secrets.choice(string.digits) for _ in range(12)) ) ver_code.save() html_content = render_to_string( diff --git a/tienda/tests.py b/tienda/tests.py index 932f6b9..5d1a29a 100644 --- a/tienda/tests.py +++ b/tienda/tests.py @@ -16,6 +16,7 @@ from .models import ( ) from .forms import UserRegisterForm, UserLoginForm, EditProfileForm, ChangePasswordForm, ShippingAddressForm, ResetPasswordForm, ResetPasswordPhase2Form from .vars import VAT_RATE, TRANSACTION_CODE_PREFIX +import secrets import string import random @@ -335,7 +336,7 @@ class VerificationCodeModelTests(TestCase): """50 códigos pueden crearse sin conflictos.""" codes = [] for i in range(50): - mode = random.choice([ + mode = secrets.choice([ VerificationCode.VerificationModes.VERIFY_ACCOUNT, VerificationCode.VerificationModes.RESET_PASSWORD ]) @@ -377,7 +378,7 @@ class CategoryModelTests(TestCase): """100 categorías pueden crearse sin problemas.""" categories = [] for i in range(100): - cat = Category.objects.create(name=f"Category_{i}_{random.randint(1000, 9999)}") + cat = Category.objects.create(name=f"Category_{i}_{1000 + secrets.randbelow(9000)}") categories.append(cat) self.assertEqual(len(categories), 100)