Skip to content

Refactor token generation to use the secrets module#9760

Merged
auvipy merged 2 commits intoencode:masterfrom
mahdirahimi1999:improve-token-generation
Aug 10, 2025
Merged

Refactor token generation to use the secrets module#9760
auvipy merged 2 commits intoencode:masterfrom
mahdirahimi1999:improve-token-generation

Conversation

@mahdirahimi1999
Copy link
Contributor

@mahdirahimi1999 mahdirahimi1999 commented Aug 9, 2025
edited
Loading

Summary

Replace binascii.hexlify(os.urandom(20)).decode() with secrets.token_hex(20) in Token.generate_key() method.

Rationale

The secrets module is the recommended approach for cryptographic token generation in Python 3.6+. This change maintains the same 40-character hex output format and passes all existing tests.

@auvipy auvipy self-requested a review August 9, 2025 13:52
auvipy
auvipy requested changes Aug 9, 2025
View reviewed changes
Copy link
Collaborator

@auvipy auvipy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not fully sure if we should merge this as is. but I like the intent here. should we test this as well?

@mahdirahimi1999
Copy link
Contributor Author

mahdirahimi1999 commented Aug 9, 2025
edited
Loading

I'm not fully sure if we should merge this as is. but I like the intent here. should we test this as well?

This change was already confirmed as beneficial by @browniebroke in the previous PR: — I just moved it here as suggested. If needed, I can also add tests for this part.

@mahdirahimi1999 mahdirahimi1999 requested a review from auvipy August 9, 2025 14:04
@browniebroke
Copy link
Member

browniebroke commented Aug 9, 2025

I'm not fully sure if we should merge this as is. but I like the intent here. should we test this as well?

I like the intent as well. Not sure how you're thinking of testing that? I can only think of something that would test the implementation detail, which I'm not very interested in... Open to be proven wrong though!

auvipy
auvipy previously approved these changes Aug 9, 2025
View reviewed changes
Copy link
Collaborator

@auvipy auvipy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK I didn't see the comment on the other PR.

@mahdirahimi1999
Copy link
Contributor Author

mahdirahimi1999 commented Aug 9, 2025

I'm not fully sure if we should merge this as is. but I like the intent here. should we test this as well?

I like the intent as well. Not sure how you're thinking of testing that? I can only think of something that would test the implementation detail, which I'm not very interested in... Open to be proven wrong though!

For example, these tests might help verify the change:

def test_generate_key_returns_valid_format(self):
    """Ensure generate_key returns a valid token format"""
    key = self.model.generate_key()
    # Should be exactly 40 characters (to fit in CharField max_length=40)
    assert len(key) == 40
    # Should contain only valid hexadecimal characters
    assert all(c in '0123456789abcdef' for c in key)

def test_generate_key_produces_unique_values(self):
    """Ensure generate_key produces unique values across multiple calls"""
    keys = set()
    # Generate multiple keys and ensure they're all different
    for _ in range(100):
        key = self.model.generate_key()
        assert key not in keys, f"Duplicate key generated: {key}"
        keys.add(key)

@auvipy
Copy link
Collaborator

auvipy commented Aug 9, 2025

some tests would be nice to have ...

@mahdirahimi1999
Copy link
Contributor Author

mahdirahimi1999 commented Aug 9, 2025

some tests would be nice to have ...

Sure, I’ll add these tests then.

@mahdirahimi1999
test: Add focused tests for Token.generate_key() method
8d08427 
- Add test for valid token format (40 hex characters)
- Add collision resistance test with 500 sample size
- Add basic randomness quality validation
- Ensure generated keys are unique and properly formatted
@mahdirahimi1999 mahdirahimi1999 requested a review from auvipy August 9, 2025 15:05
@mahdirahimi1999
Copy link
Contributor Author

mahdirahimi1999 commented Aug 9, 2025

I’ve added the tests.
@browniebroke @auvipy

@browniebroke
Copy link
Member

browniebroke commented Aug 9, 2025

I’ve added the tests.
@browniebroke @auvipy

PS No need to @ me, I'm checking my notifications regularly

@browniebroke browniebroke added this to the 3.16 milestone Aug 9, 2025
@auvipy auvipy merged commit 97a771c into encode:master Aug 10, 2025
7 checks passed
@mahdirahimi1999 mahdirahimi1999 mentioned this pull request Aug 28, 2025
Open
@browniebroke browniebroke modified the milestones: 3.16, 3.17 Sep 14, 2025
@browniebroke browniebroke changed the title Refactor token generation to use secrets module Refactor token generation to use the secrets module Oct 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@browniebroke browniebroke browniebroke approved these changes

@auvipy auvipy auvipy approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

3.17

Development

Successfully merging this pull request may close these issues.

3 participants

@mahdirahimi1999 @browniebroke @auvipy