From 30f6a77e68ca6c3dfe330ca090e79c67d2057c9c Mon Sep 17 00:00:00 2001
From: Agate
Date: Wed, 19 Aug 2020 19:50:56 +0200
Subject: [PATCH] More secure tokens

---
 api/funkwhale_api/users/models.py      | 7 +++----
 api/funkwhale_api/users/oauth/views.py | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/api/funkwhale_api/users/models.py b/api/funkwhale_api/users/models.py
index e4a26899b..a5a3df606 100644
--- a/api/funkwhale_api/users/models.py
+++ b/api/funkwhale_api/users/models.py
@@ -1,9 +1,7 @@
 # -*- coding: utf-8 -*-
 from __future__ import absolute_import, unicode_literals
 
-import binascii
 import datetime
-import os
 import random
 import string
 import uuid
@@ -31,8 +29,9 @@ from funkwhale_api.federation import models as federation_models
 from funkwhale_api.federation import utils as federation_utils
 
 
-def get_token(length=15):
-    return binascii.b2a_hex(os.urandom(length)).decode("utf-8")
+def get_token(length=30):
+    choices = string.ascii_lowercase + string.ascii_uppercase + "0123456789"
+    return "".join(random.choice(choices) for i in range(length))
 
 
 PERMISSIONS_CONFIGURATION = {
diff --git a/api/funkwhale_api/users/oauth/views.py b/api/funkwhale_api/users/oauth/views.py
index 3260dc031..b1616afbd 100644
--- a/api/funkwhale_api/users/oauth/views.py
+++ b/api/funkwhale_api/users/oauth/views.py
@@ -93,7 +93,7 @@ class ApplicationViewSet(
         app = self.get_object()
         if not app.user_id or request.user != app.user:
             return response.Response(status=404)
-        app.token = models.get_token(15)
+        app.token = models.get_token()
         app.save(update_fields=["token"])
         serializer = serializers.CreateApplicationSerializer(app)
         return response.Response(serializer.data, status=200)
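Review bot: The new `get_token` body in the second models.py hunk draws every character with `random.choice`, which uses the `random` module's Mersenne Twister PRNG — not a cryptographically secure generator, and its output becomes predictable to anyone who observes enough of it — so this actually replaces the previous `os.urandom` (CSPRNG) source with a weaker one despite the commit title. The fix is one line plus an import: `return "".join(secrets.choice(choices) for _ in range(length))` in get_token, and `import secrets` (stdlib since 3.6) added alongside the other imports in the first hunk, where `binascii` and `os` were removed. The 62-symbol alphabet and length of 30 are fine once the draws come from `secrets`; `string.digits` is the stdlib name for the literal `"0123456789"` if you want to tidy the alphabet at the same time. The views.py hunk then needs no further change, since it already delegates the length to the new default.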