Merge pull request #2377 from johannaengland/secure-api-token

Generate more secure API tokens
Uninett · Mar 30, 2022 · d0e14cf · d0e14cf
2 parents a1a6a15 + 7fabaab
commit d0e14cf
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/python/nav/util.py b/python/nav/util.py
@@ -26,6 +26,7 @@
 from functools import wraps
 from itertools import chain, tee, groupby, islice
 from operator import itemgetter
+from secrets import token_hex
 
 import IPy
 
@@ -469,12 +470,8 @@ def address_to_string(ip, port):
 
 
 def auth_token():
-    """Generates a hash that can be used as an OAuth API token"""
-    from django.conf import settings
-
-    _hash = hashlib.sha1(str(uuid.uuid4()).encode('utf-8'))
-    _hash.update(settings.SECRET_KEY.encode('utf-8'))
-    return _hash.hexdigest()
+    """Generates a hex token that can be used as an OAuth API token"""
+    return token_hex(32)
 
 
 def consecutive(seq):