From: garciadeblas <gerardo.garciadeblas@telefonica.com>
Date: Wed, 25 Jun 2025 15:18:05 +0000 (+0200)
Subject: Fix the way tokens are generated to use stronger PRNG
X-Git-Tag: v18.0.0~11
X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=d8c3d8e403336a049e239bdc3239b16d5bdfe32a;p=osm%2FNBI.git

Fix the way tokens are generated to use stronger PRNG

Change-Id: I4696a77b16c7495b525dfc2007908a6c175846a3
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
---

diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index ac157b8..fe86f16 100644
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -32,6 +32,7 @@ __date__ = "$06-jun-2019 11:16:08$"
 
 import logging
 import re
+import secrets
 
 from osm_nbi.authconn import (
     Authconn,
@@ -402,12 +403,8 @@ class AuthconnInternal(Authconn):
             user_data,
         )
 
-        token_id = "".join(
-            random_choice(
-                "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-            )
-            for _ in range(0, 32)
-        )
+        # Generate a secure random 32 byte array base64 encoded for use in URLs
+        token_id = secrets.token_urlsafe(32)
 
         # projects = user_content.get("projects", [])
         prm_list = user_content.get("project_role_mappings", [])