random.randint -> secrets.randbelow(exclusive_upper_bound)

12 months ago · 8c3efef71f
parent fb7fbf1fe4
commit 8c3efef71f
3 changed files with 7 additions and 8 deletions
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@ -1,7 +1,6 @@
 import base64
 import json
 import logging
-import random
 import secrets
 import uuid
 from datetime import UTC, datetime, timedelta
@ -261,7 +260,7 @@ class AccountService:

    @staticmethod
    def generate_account_deletion_verification_code(account: Account) -> tuple[str, str]:
-        code = "".join([str(random.randint(0, 9)) for _ in range(6)])
+        code = "".join([str(secrets.randbelow(exclusive_upper_bound=10)) for _ in range(6)])
        token = TokenManager.generate_token(
            account=account, token_type="account_deletion", additional_data={"code": code}
        )
@ -429,7 +428,7 @@ class AccountService:
        additional_data: dict[str, Any] = {},
    ):
        if not code:
-            code = "".join([str(random.randint(0, 9)) for _ in range(6)])
+            code = "".join([str(secrets.randbelow(exclusive_upper_bound=10)) for _ in range(6)])
        additional_data["code"] = code
        token = TokenManager.generate_token(
            account=account, email=email, token_type="reset_password", additional_data=additional_data
@ -456,7 +455,7 @@ class AccountService:

            raise EmailCodeLoginRateLimitExceededError()

-        code = "".join([str(random.randint(0, 9)) for _ in range(6)])
+        code = "".join([str(secrets.randbelow(exclusive_upper_bound=10)) for _ in range(6)])
        token = TokenManager.generate_token(
            account=account, email=email, token_type="email_code_login", additional_data={"code": code}
        )
--- a/api/services/dataset_service.py
+++ b/api/services/dataset_service.py
@ -2,7 +2,7 @@ import copy
 import datetime
 import json
 import logging
-import random
+import secrets
 import time
 import uuid
 from collections import Counter
@ -970,7 +970,7 @@ class DocumentService:
            documents.append(document)
            batch = document.batch
        else:
-            batch = time.strftime("%Y%m%d%H%M%S") + str(random.randint(100000, 999999))
+            batch = time.strftime("%Y%m%d%H%M%S") + str(100000 + secrets.randbelow(exclusive_upper_bound=900000))
            # save process rule
            if not dataset_process_rule:
                process_rule = knowledge_config.process_rule
--- a/api/services/webapp_auth_service.py
+++ b/api/services/webapp_auth_service.py
@ -1,4 +1,4 @@
-import random
+import secrets
 from datetime import UTC, datetime, timedelta
 from typing import Any, Optional, cast

@ -66,7 +66,7 @@ class WebAppAuthService:
        if email is None:
            raise ValueError("Email must be provided.")

-        code = "".join([str(random.randint(0, 9)) for _ in range(6)])
+        code = "".join([str(secrets.randbelow(exclusive_upper_bound=10)) for _ in range(6)])
        token = TokenManager.generate_token(
            account=account, email=email, token_type="webapp_email_code_login", additional_data={"code": code}
        )