"""Generate cryptographically strong pseudo-random numbers suitable for

[0] Fix | Delete

managing secrets such as account authentication, tokens, and similar.

[1] Fix | Delete

[2] Fix | Delete

See PEP 506 for more information.

[3] Fix | Delete

https://www.python.org/dev/peps/pep-0506/

[4] Fix | Delete

[5] Fix | Delete

"""

[6] Fix | Delete

[7] Fix | Delete

__all__ = ['choice', 'randbelow', 'randbits', 'SystemRandom',

[8] Fix | Delete

'token_bytes', 'token_hex', 'token_urlsafe',

[9] Fix | Delete

'compare_digest',

[10] Fix | Delete

]

[11] Fix | Delete

[12] Fix | Delete

[13] Fix | Delete

import base64

[14] Fix | Delete

import binascii

[15] Fix | Delete

import os

[16] Fix | Delete

[17] Fix | Delete

from hmac import compare_digest

[18] Fix | Delete

from random import SystemRandom

[19] Fix | Delete

[20] Fix | Delete

_sysrand = SystemRandom()

[21] Fix | Delete

[22] Fix | Delete

randbits = _sysrand.getrandbits

[23] Fix | Delete

choice = _sysrand.choice

[24] Fix | Delete

[25] Fix | Delete

def randbelow(exclusive_upper_bound):

[26] Fix | Delete

"""Return a random int in the range [0, n)."""

[27] Fix | Delete

if exclusive_upper_bound <= 0:

[28] Fix | Delete

raise ValueError("Upper bound must be positive.")

[29] Fix | Delete

return _sysrand._randbelow(exclusive_upper_bound)

[30] Fix | Delete

[31] Fix | Delete

DEFAULT_ENTROPY = 32 # number of bytes to return by default

[32] Fix | Delete

[33] Fix | Delete

def token_bytes(nbytes=None):

[34] Fix | Delete

"""Return a random byte string containing *nbytes* bytes.

[35] Fix | Delete

[36] Fix | Delete

If *nbytes* is ``None`` or not supplied, a reasonable

[37] Fix | Delete

default is used.

[38] Fix | Delete

[39] Fix | Delete

>>> token_bytes(16) #doctest:+SKIP

[40] Fix | Delete

b'\\xebr\\x17D*t\\xae\\xd4\\xe3S\\xb6\\xe2\\xebP1\\x8b'

[41] Fix | Delete

[42] Fix | Delete

"""

[43] Fix | Delete

if nbytes is None:

[44] Fix | Delete

nbytes = DEFAULT_ENTROPY

[45] Fix | Delete

return os.urandom(nbytes)

[46] Fix | Delete

[47] Fix | Delete

def token_hex(nbytes=None):

[48] Fix | Delete

"""Return a random text string, in hexadecimal.

[49] Fix | Delete

[50] Fix | Delete

The string has *nbytes* random bytes, each byte converted to two

[51] Fix | Delete

hex digits. If *nbytes* is ``None`` or not supplied, a reasonable

[52] Fix | Delete

default is used.

[53] Fix | Delete

[54] Fix | Delete

>>> token_hex(16) #doctest:+SKIP

[55] Fix | Delete

'f9bf78b9a18ce6d46a0cd2b0b86df9da'

[56] Fix | Delete

[57] Fix | Delete

"""

[58] Fix | Delete

return binascii.hexlify(token_bytes(nbytes)).decode('ascii')

[59] Fix | Delete

[60] Fix | Delete

def token_urlsafe(nbytes=None):

[61] Fix | Delete

"""Return a random URL-safe text string, in Base64 encoding.

[62] Fix | Delete

[63] Fix | Delete

The string has *nbytes* random bytes. If *nbytes* is ``None``

[64] Fix | Delete

or not supplied, a reasonable default is used.

[65] Fix | Delete

[66] Fix | Delete

>>> token_urlsafe(16) #doctest:+SKIP

[67] Fix | Delete

'Drmhze6EPcv0fN_81Bj-nA'

[68] Fix | Delete

[69] Fix | Delete

"""

[70] Fix | Delete

tok = token_bytes(nbytes)

[71] Fix | Delete

return base64.urlsafe_b64encode(tok).rstrip(b'=').decode('ascii')

[72] Fix | Delete

[73] Fix | Delete