Use secrets.py to generate user secret

Instead of using our own random string generator function, the user
secret is now being generated using secrets.token_urlsafe(). The max
length of the user secret has been increased to accommodate the size of
the 32 byte string.

spotifyvis/models.py

@@ -28,7 +28,7 @@ class User(models.Model):
         verbose_name_plural = "Users"
 
     user_id = models.CharField(primary_key=True, max_length=MAX_ID) # the user's Spotify ID
-    user_secret = models.CharField(max_length=30, default='')
+    user_secret = models.CharField(max_length=50, default='')
 
     def __str__(self):
         return self.user_id

spotifyvis/views.py

@@ -5,7 +5,7 @@ import random
 import requests
 import os
 import urllib
-import json
+import secrets
 import pprint
 import string
 from datetime import datetime
@@ -146,7 +146,8 @@ def user_data(request):
     try:
         user = User.objects.get(user_id=user_data_response['id'])
     except User.DoesNotExist:
-        user = User(user_id=user_data_response['id'], user_secret=generate_random_string(30))
+        # Python docs recommends 32 bytes of randomness against brute force attacks
+        user = User(user_id=user_data_response['id'], user_secret=secrets.token_urlsafe(32))
         user.save()
 
     context = {