From 6b52a6303a0d139392ab4ae45adceb7bd9b5668f Mon Sep 17 00:00:00 2001
From: b3yond <b3yond@riseup.net>
Date: Sun, 27 Jan 2019 17:53:37 +0100
Subject: [PATCH] better crypto

---
 user.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/user.py b/user.py
index 4ff1db1..147fb40 100644
--- a/user.py
+++ b/user.py
@@ -4,7 +4,7 @@ from db import db
 import jwt
 from mastodon import Mastodon
 from pylibscrypt import scrypt_mcf, scrypt_mcf_check
-from random import choice
+from os import urandom
 
 
 class User(object):
@@ -17,8 +17,7 @@ class User(object):
     def get_csrf(self):
         csrf_token = request.get_cookie('csrf', secret=db.get_secret())
         if not csrf_token:
-            allchar = "0123456789"
-            csrf_token = "".join(choice(allchar) for x in range(32))
+            csrf_token = str(urandom(32))
         return csrf_token
 
     def check_password(self, password):