velvox
/
litecord
mirror of https://gitlab.com/litecord/litecord.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

invites: use secrets.token_urlsafe instead of os.urandom

This commit is contained in:
Luna 2019-02-05 17:32:18 -03:00
parent 73e83c2b81
commit b424d47755
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
litecord/blueprints/invites.py
View File

@ -17,9 +17,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
""" """
import re
import secrets
import datetime import datetime
import base64
import os
from quart import Blueprint, request, current_app as app, jsonify from quart import Blueprint, request, current_app as app, jsonify
from logbook import Logger from logbook import Logger
@ -52,12 +52,8 @@ def gen_inv_code() -> str:
This is a primitive and does not guarantee uniqueness. This is a primitive and does not guarantee uniqueness.
""" """
# TODO: should we really be depending on os.urandom? raw = secrets.token_urlsafe(10)
raw = os.urandom(7) raw = re.sub(r'\/|\+|\-|\_', '', raw)
raw = base64.b64encode(raw).decode()
raw = raw.replace('/', '')
raw = raw.replace('+', '')
return raw[:7] return raw[:7]