From e24a844d174ea7c3a328a627e45ffa4ca0758a6c Mon Sep 17 00:00:00 2001 From: Jaime van Kessel Date: Thu, 2 Sep 2021 14:25:57 +0200 Subject: [PATCH 1/2] Use secrets instead of random Since we're no longer stuck on python 3.5, we can use secrets instead of random which provides better randomness. CURA-8401 SEC-207 --- cura/OAuth2/AuthorizationHelpers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cura/OAuth2/AuthorizationHelpers.py b/cura/OAuth2/AuthorizationHelpers.py index df3fc366ba..c97c7f3ec2 100644 --- a/cura/OAuth2/AuthorizationHelpers.py +++ b/cura/OAuth2/AuthorizationHelpers.py @@ -3,7 +3,7 @@ from datetime import datetime import json -import random +import secrets from hashlib import sha512 from base64 import b64encode from typing import Optional @@ -143,7 +143,7 @@ class AuthorizationHelpers: better to leave it at 32 """ - return "".join(random.choice("0123456789ABCDEF") for i in range(code_length)) + return "".join(secrets.choice("0123456789ABCDEF") for i in range(code_length)) @staticmethod def generateVerificationCodeChallenge(verification_code: str) -> str: From 8b5cfc9c28cc39bfe23a6c621872b5b37e11530d Mon Sep 17 00:00:00 2001 From: Jaime van Kessel Date: Fri, 3 Sep 2021 09:57:04 +0200 Subject: [PATCH 2/2] Use token_hex from secrets instead of choice CURA-8401 --- cura/OAuth2/AuthorizationHelpers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cura/OAuth2/AuthorizationHelpers.py b/cura/OAuth2/AuthorizationHelpers.py index c97c7f3ec2..d6f4980fe4 100644 --- a/cura/OAuth2/AuthorizationHelpers.py +++ b/cura/OAuth2/AuthorizationHelpers.py 
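Review bot: In the second hunk, `secrets.choice` over the 16-symbol alphabet `"0123456789ABCDEF"` contributes only 4 bits per character, so the default of 32 characters mentioned in the context line yields a 128-bit code and any smaller `code_length` shrinks it proportionally, yet nothing in the new line rejects a short value; if a floor is intended, guard it with `if code_length < 16: raise ValueError("code_length must be at least 16")` before the `return`. The loop index `i` is never used, so `for _ in range(code_length)` reads more clearly and satisfies linters. The `def generateVerificationCode(...)` line and the start of its docstring sit above this hunk, so the guard would go at the top of the body that begins outside the view.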
@@ -139,11 +139,11 @@ class AuthorizationHelpers: def generateVerificationCode(code_length: int = 32) -> str: """Generate a verification code of arbitrary length. - :param code_length:: How long should the code be? This should never be lower than 16, but it's probably + :param code_length:: How long should the code be in bytes? This should never be lower than 16, but it's probably better to leave it at 32 """ - return "".join(secrets.choice("0123456789ABCDEF") for i in range(code_length)) + return secrets.token_hex(code_length) @staticmethod def generateVerificationCodeChallenge(verification_code: str) -> str:
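Review bot: The default `code_length` of 32 now produces a 64-character lowercase hex code, twice the length and a different case than the 32 uppercase characters the replaced `"".join(secrets.choice(...))` line produced, so any caller or server-side check that bounds the verifier's length or alphabet must be confirmed to accept the new form before this ships. The docstring still promises the value "should never be lower than 16" but the body does not enforce it — `secrets.token_hex(0)` returns an empty string and only negative values raise — so add `if code_length < 16: raise ValueError("code_length must be at least 16 bytes")` ahead of the `return`. If this verifier feeds a PKCE-style exchange (the sibling `generateVerificationCodeChallenge` and the `sha512` import suggest a hash-based challenge, though the protocol is not visible here), RFC 7636 requires a verifier of 43–128 characters, which 16 bytes (32 hex characters) would not meet. The `:param code_length::` field also carries a doubled colon that breaks reST field syntax and could be fixed to `:param code_length:` in the same line.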