fix: Moving pilot secret gen to diracx-logic

Robin-Van-de-Merghel · Robin-Van-de-Merghel · commit 252da7c47eaa · 2025-04-02T15:51:50.000+02:00
diff --git a/diracx-db/src/diracx/db/sql/pilot_agents/db.py b/diracx-db/src/diracx/db/sql/pilot_agents/db.py
@@ -1,7 +1,6 @@
 from __future__ import annotations
 
 from datetime import datetime, timezone
-from os import urandom
 
 from sqlalchemy import DateTime, insert, select, update
 from sqlalchemy.exc import IntegrityError, NoResultFound
@@ -12,6 +11,7 @@
     PilotNotFoundError,
 )
 from diracx.db.sql.utils.functions import hash
+from diracx.logic.auth.token import generate_pilot_secret
 
 from ..utils import BaseSQLDB
 from .schema import PilotAgents, PilotAgentsDBBase, PilotRegistrations
@@ -129,7 +129,7 @@ async def add_pilot_credentials(self, pilot_id: int) -> str:
 
         # Get a random string
         # Can be customized
-        random_secret = urandom(30).hex()
+        random_secret = generate_pilot_secret()
 
         hashed_random_secret = hash(random_secret)
 
diff --git a/diracx-logic/src/diracx/logic/auth/token.py b/diracx-logic/src/diracx/logic/auth/token.py
@@ -6,6 +6,7 @@
 import hashlib
 import re
 from datetime import datetime, timedelta, timezone
+from secrets import token_hex
 from uuid import UUID, uuid4
 
 from authlib.jose import JsonWebToken
@@ -417,3 +418,8 @@ async def get_authorization_flow(auth_db: AuthDB, code: str, max_validity: int):
         raise AuthorizationError("Code was already used")
 
     raise AuthorizationError("Bad state in authorization flow")
+
+
+def generate_pilot_secret():
+    # Can change with time
+    return token_hex(16)
