From cdcaf976df0d2c83be0ddfbd0921ffeb63a4cca1 Mon Sep 17 00:00:00 2001
From: Jang Rush
Date: Wed, 10 Aug 2022 13:53:31 +0000
Subject: [PATCH 1/2] Refine activation code generation.

Previously, activation code genaration invoked a redudant `str()` conversion (`secrets.cohice(string.digits)` already returns a string). Also, secrets.choice was called six times, which is slower than just one call. I hope this refinement make the code more readable and faster.
---
 app/api/views/auth.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index a149f9b45..40147679e 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -1,5 +1,4 @@
 import secrets
-import string
 import facebook
 import google.oauth2.credentials
@@ -114,7 +113,7 @@ def auth_register():
 Session.flush()
 # create activation code
- code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
+ code = str(secrets.randbelow(1000000)).zfill(6)
 AccountActivation.create(user_id=user.id, code=code)
 Session.commit()
@@ -208,7 +207,7 @@ def auth_reactivate():
 Session.commit()
 # create activation code
- code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
+ code = str(secrets.randbelow(1000000)).zfill(6)
 AccountActivation.create(user_id=user.id, code=code)
 Session.commit()
From e2b147ff48041a5aae6134ad7a09caed92efc8d0 Mon Sep 17 00:00:00 2001
From: Jang Rush
Date: Wed, 10 Aug 2022 16:03:08 +0000
Subject: [PATCH 2/2] Extract activation code length as a constant.

suggested by @acasajus
---
 app/api/views/auth.py | 10 +++++++---
 app/config.py | 2 ++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index 40147679e..a56ad6d3a 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
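Review bot: The rewritten `code = str(secrets.randbelow(1000000)).zfill(6)` line in auth_register, and the identical one in the auth_reactivate hunk, carries no comment saying what keeps a six-digit code safe. `secrets.randbelow` draws uniformly and `zfill` keeps the leading zeros, so the result still ranges over the same 10^6 strings as before; the protection therefore rests on how verification limits attempts and expires the `AccountActivation` row, which these hunks do not show. I would add a comment at the generation site such as `# 10**6 possible codes: safe only while verification caps attempts and expires the code`. Both function bodies start and end outside the hunks.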
@@ -9,7 +9,7 @@
 from app import email_utils
 from app.api.base import api_bp
-from app.config import FLASK_SECRET, DISABLE_REGISTRATION
+from app.config import ACTIVATION_CODE_NUM_DIGITS, FLASK_SECRET, DISABLE_REGISTRATION
 from app.dashboard.views.setting import send_reset_password_email
 from app.db import Session
 from app.email_utils import (
@@ -113,7 +113,9 @@ def auth_register():
 Session.flush()
 # create activation code
- code = str(secrets.randbelow(1000000)).zfill(6)
+ code = str(secrets.randbelow(10**ACTIVATION_CODE_NUM_DIGITS)).zfill(
+ ACTIVATION_CODE_NUM_DIGITS
+ )
 AccountActivation.create(user_id=user.id, code=code)
 Session.commit()
@@ -207,7 +209,9 @@ def auth_reactivate():
 Session.commit()
 # create activation code
- code = str(secrets.randbelow(1000000)).zfill(6)
+ code = str(secrets.randbelow(10**ACTIVATION_CODE_NUM_DIGITS)).zfill(
+ ACTIVATION_CODE_NUM_DIGITS
+ )
 AccountActivation.create(user_id=user.id, code=code)
 Session.commit()
diff --git a/app/config.py b/app/config.py
index 97e58d881..95879a70e 100644
--- a/app/config.py
+++ b/app/config.py
@@ -230,6 +230,8 @@ def sl_getenv(env_var: str, default_factory: Callable = None):
 print("WARNING: Use a temp directory for GNUPGHOME", GNUPGHOME)
+ACTIVATION_CODE_NUM_DIGITS = 6
+
 # Github, Google, Facebook client id and secrets
 GITHUB_CLIENT_ID = os.environ.get("GITHUB_CLIENT_ID")
 GITHUB_CLIENT_SECRET = os.environ.get("GITHUB_CLIENT_SECRET")
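Review bot: The three-line `str(secrets.randbelow(10**ACTIVATION_CODE_NUM_DIGITS)).zfill(...)` expression is now written out twice, here in auth_register and again in the auth_reactivate hunk, so a later change to the code format has to be made in two places and can drift. A small module-level helper would keep generation in one spot and give it a docstring, and both call sites then become a single line. The helper name below is my suggestion rather than something already in the file, and both function bodies continue outside the hunks.

```python
def _new_activation_code() -> str:
    """Return a uniformly random, zero-padded decimal activation code."""
    upper_bound = 10**ACTIVATION_CODE_NUM_DIGITS
    return str(secrets.randbelow(upper_bound)).zfill(ACTIVATION_CODE_NUM_DIGITS)


# … unchanged: auth_register up to Session.flush() …
    # create activation code
    code = _new_activation_code()
```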
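Review bot: `ACTIVATION_CODE_NUM_DIGITS = 6` in app/config.py is added with no comment and no lower bound, although it now fixes the size of the activation-code space. Each digit removed cuts the number of possible codes tenfold, and a value of 0 would make `secrets.randbelow(10**0)` return 0 on every call, so every code would be `"0"`. I would document it, for example `# Digits in the account-activation code; do not lower without reviewing attempt limits`, and consider a start-up check that rejects values below 6. Whether the stored `code` column and the client input accept a longer value cannot be seen from this diff and should be confirmed before raising it.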