fix: added timeouts to the requests to fix Bandit issue

fix: fixed random issue (codacy)
fix: fixed missing import
2026-04-12 19:30:30 +02:00 · 2024-11-25 13:20:17 +01:00 · 2024-11-25 13:14:07 +01:00 · 2024-11-25 12:55:35 +01:00
4 changed files with 16 additions and 9 deletions
--- a/creyPY/helpers.py
+++ b/creyPY/helpers.py
@@ -1,4 +1,4 @@
-import random
+import secrets
 import string


@@ -6,11 +6,11 @@ def create_random_password(length: int = 12) -> str:
    all_characters = string.ascii_letters + string.digits + string.punctuation

    password = [
-        random.choice(string.ascii_lowercase),
-        random.choice(string.ascii_uppercase),
-        random.choice(string.digits),
-        random.choice(string.punctuation),
+        secrets.choice(string.ascii_lowercase),
+        secrets.choice(string.ascii_uppercase),
+        secrets.choice(string.digits),
+        secrets.choice(string.punctuation),
    ]
-    password += random.choices(all_characters, k=length - 4)
-    random.shuffle(password)
+    password += [secrets.choice(all_characters) for _ in range(length - 4)]
+    secrets.SystemRandom().shuffle(password)
    return "".join(password)
--- a/creyPY/services/init.py
+++ b/creyPY/services/init.py
@@ -0,0 +1 @@
+from .auth0 import *  # noqa
--- a/creyPY/services/auth0/manage.py
+++ b/creyPY/services/auth0/manage.py
@@ -8,7 +8,7 @@ cache = TTLCache(maxsize=100, ttl=600)

@cached(cache)
 def get_management_token() -> str:
-    re = requests.post(
+    response = requests.post(
        f"https://{AUTH0_DOMAIN}/oauth/token",
        json={
            "client_id": AUTH0_CLIENT_ID,
@@ -16,5 +16,6 @@ def get_management_token() -> str:
            "audience": f"https://{AUTH0_DOMAIN}/api/v2/",  # This should be the management audience
            "grant_type": "client_credentials",
        },
+        timeout=5,  # Add a timeout parameter to avoid hanging requests
    ).json()
-    return re["access_token"]
+    return response["access_token"]
--- a/creyPY/services/auth0/utils.py
+++ b/creyPY/services/auth0/utils.py
@@ -54,6 +54,7 @@ def get_user(sub) -> dict:
    re = requests.get(
        f"https://{AUTH0_DOMAIN}/api/v2/users/{sub}",
        headers={"Authorization": f"Bearer {get_management_token()}"},
+        timeout=5,
    )
    if re.status_code != 200:
        raise HTTPException(re.status_code, re.json())
@@ -65,6 +66,7 @@ def patch_user(input_obj: dict, sub) -> dict:
        f"https://{AUTH0_DOMAIN}/api/v2/users/{sub}",
        headers={"Authorization": f"Bearer {get_management_token()}"},
        json=input_obj,
+        timeout=5,
    )
    if re.status_code != 200:
        raise HTTPException(re.status_code, re.json())
@@ -92,6 +94,7 @@ def request_verification_mail(sub: str) -> None:
        f"https://{AUTH0_DOMAIN}/api/v2/jobs/verification-email",
        headers={"Authorization": f"Bearer {get_management_token()}"},
        json={"user_id": sub},
+        timeout=5,
    )
    if re.status_code != 201:
        raise HTTPException(re.status_code, re.json())
@@ -109,6 +112,7 @@ def create_user_invite(email: str) -> dict:
            "verify_email": False,
            "app_metadata": {"invitedToMyApp": True},
        },
+        timeout=5,
    )
    if re.status_code != 201:
        raise HTTPException(re.status_code, re.json())
@@ -124,6 +128,7 @@ def password_change_mail(email: str) -> bool:
            "email": email,
            "connection": "Username-Password-Authentication",
        },
+        timeout=5,
    )

    if re.status_code != 200:
Author	SHA1	Message	Date
Conrad	5daddf260e	fix: added timeouts to the requests to fix Bandit issue	2024-11-25 13:20:17 +01:00
Conrad	364e07daa1	fix: fixed random issue (codacy)	2024-11-25 13:14:07 +01:00
Conrad	5daf6eb8c5	fix: fixed missing import	2024-11-25 12:55:35 +01:00