Use secrets.py to generate user secret

Instead of using our own random string generator function, the user secret is now being generated using secrets.token_urlsafe(). The max length of the user secret has been increased to accommodate the size of the 32 byte string.
6 years ago · be815086c0
2 changed files with 4 additions and 3 deletions
--- a/spotifyvis/models.py
+++ b/spotifyvis/models.py
@ -28,7 +28,7 @@ class User(models.Model):
        verbose_name_plural = "Users"

    user_id = models.CharField(primary_key=True, max_length=MAX_ID) # the user's Spotify ID
-    user_secret = models.CharField(max_length=30, default='')
+    user_secret = models.CharField(max_length=50, default='')

    def __str__(self):
        return self.user_id
--- a/spotifyvis/views.py
+++ b/spotifyvis/views.py
@ -5,7 +5,7 @@ import random
 import requests
 import os
 import urllib
-import json
+import secrets
 import pprint
 import string
 from datetime import datetime
@ -146,7 +146,8 @@ def user_data(request):
    try:
        user = User.objects.get(user_id=user_data_response['id'])
    except User.DoesNotExist:
-        user = User(user_id=user_data_response['id'], user_secret=generate_random_string(30))
+        # Python docs recommends 32 bytes of randomness against brute force attacks
+        user = User(user_id=user_data_response['id'], user_secret=secrets.token_urlsafe(32))
        user.save()

    context = {