From 7fabaabb3c9f15d085ba55808f5ee0151c07b555 Mon Sep 17 00:00:00 2001
From: Johanna England <johanna.england@sikt.no>
Date: Tue, 29 Mar 2022 12:58:02 +0200
Subject: [PATCH] Generate more secure API tokens

---
 python/nav/util.py | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/python/nav/util.py b/python/nav/util.py
index 7e8cd6d207..c7b609d309 100644
--- a/python/nav/util.py
+++ b/python/nav/util.py
@@ -26,6 +26,7 @@
 from functools import wraps
 from itertools import chain, tee, groupby, islice
 from operator import itemgetter
+from secrets import token_hex
 
 import IPy
 
@@ -469,12 +470,8 @@ def address_to_string(ip, port):
 
 
 def auth_token():
-    """Generates a hash that can be used as an OAuth API token"""
-    from django.conf import settings
-
-    _hash = hashlib.sha1(str(uuid.uuid4()).encode('utf-8'))
-    _hash.update(settings.SECRET_KEY.encode('utf-8'))
-    return _hash.hexdigest()
+    """Generates a hex token that can be used as an OAuth API token"""
+    return token_hex(32)
 
 
 def consecutive(seq):