Browse Source

Use secrets.py to generate user secret

Instead of using our own random string generator function, the user
secret is now being generated using secrets.token_urlsafe(). The max
length of the user secret has been increased to accommodate the size of
the 32 byte string.
master
Chris Shyi 7 years ago
parent
commit
be815086c0
  1. 2
      spotifyvis/models.py
  2. 5
      spotifyvis/views.py

2
spotifyvis/models.py

@ -28,7 +28,7 @@ class User(models.Model):
verbose_name_plural = "Users"
user_id = models.CharField(primary_key=True, max_length=MAX_ID) # the user's Spotify ID
user_secret = models.CharField(max_length=30, default='')
user_secret = models.CharField(max_length=50, default='')
def __str__(self):
return self.user_id

5
spotifyvis/views.py

@ -5,7 +5,7 @@ import random
import requests
import os
import urllib
import json
import secrets
import pprint
import string
from datetime import datetime
@ -146,7 +146,8 @@ def user_data(request):
try:
user = User.objects.get(user_id=user_data_response['id'])
except User.DoesNotExist:
user = User(user_id=user_data_response['id'], user_secret=generate_random_string(30))
# Python docs recommends 32 bytes of randomness against brute force attacks
user = User(user_id=user_data_response['id'], user_secret=secrets.token_urlsafe(32))
user.save()
context = {

Loading…
Cancel
Save