make random password generation safe

2024-11-22 06:03:20 +00:00 · 2024-11-19 13:21:08 +01:00 · 2024-11-19 13:21:08 +01:00 · 6853ec0b69
commit 6853ec0b69
parent 3b39049c20
1 changed files with 2 additions and 2 deletions
--- a/subscription/views.py
+++ b/subscription/views.py
@ -13,7 +13,7 @@
 #
 #

-import random
+import secrets

 from django import forms
 from django.conf import settings
@ -85,7 +85,7 @@ class SubscriptionForm(forms.ModelForm):
                    date_of_birth=self.cleaned_data.get("date_of_birth"),
                )
                u.generate_username()
-                u.set_password(str(random.randrange(1000000, 10000000)))
+                u.set_password(secrets.token_urlsafe(nbytes=10))
                u.save()
                cleaned_data["member"] = u
        elif cleaned_data.get("member") is not None: