Use cryptographically secure random number for sms codes

Also, increase token length to 6 digits
2026-02-02 09:26:08 -05:00 · 2023-02-17 11:54:17 -05:00
parent 236701f01d
commit e26bc5095c
2 changed files with 6 additions and 25 deletions
--- a/tests/app/dao/test_users_dao.py
+++ b/tests/app/dao/test_users_dao.py
@@ -183,21 +183,9 @@ def test_create_secret_code_different_subsequent_codes():
    assert code1 != code2


-def test_create_secret_code_returns_5_digits():
+def test_create_secret_code_returns_6_digits():
    code = create_secret_code()
-    assert len(str(code)) == 5
-
-
-def test_create_secret_code_never_repeats_consecutive_digits(mocker):
-    mocker.patch('app.dao.users_dao.SystemRandom.randrange', side_effect=[
-        1, 1, 1,
-        2,
-        3,
-        4, 4,
-        1,  # Repeated allowed if not consecutive
-        9, 9,  # Not called because we have 5 digits now
-    ])
-    assert create_secret_code() == '12341'
+    assert len(str(code)) == 6


@freeze_time('2018-07-07 12:00:00')