Merge pull request #780 from Lunatic-Labs/SKIL-524

SKIL-524

BackEndFlask/controller/Routes/Refresh_route.py

@@ -5,6 +5,7 @@
 from controller.Route_response import *
 from flask_jwt_extended import jwt_required, create_access_token
 from controller.security.CustomDecorators import AuthCheck, bad_token_check
+import datetime
 
 @bp.route('/refresh', methods=['POST'])
 @jwt_required(refresh=True)
@@ -14,7 +15,7 @@ def refresh_token():
     try:
         user_id = int(request.args.get('user_id'))
         user = user_schema.dump(get_user(user_id))
-        jwt = create_access_token([user_id])
+        jwt = create_access_token([user_id], fresh=datetime.timedelta(minutes=60), expires_delta=datetime.timedelta(minutes=60))
         return create_good_response(user, 200, "user", jwt)
     except:
         return create_bad_response("Bad request: user_id must be provided", "user", 400)

BackEndFlask/controller/security/utility.py

@@ -20,7 +20,7 @@
 # jwt expires in 15mins; refresh token expires in 30days
 def create_tokens(user_i_d: any) -> 'tuple[str, str]':
     with app.app_context():
-        jwt = create_access_token(str(user_i_d), fresh=datetime.timedelta(minutes=60))
+        jwt = create_access_token(str(user_i_d), fresh=datetime.timedelta(minutes=60), expires_delta=datetime.timedelta(minutes=60))
         refresh = request.args.get('refresh_token')
         if not refresh:
             refresh = create_refresh_token(str(user_i_d))

BackEndFlask/models/utility.py

@@ -1,6 +1,6 @@
 import sys
 import yagmail 
-import random, string
+import string, secrets
 from models.logger import logger
 from controller.Routes.RouteExceptions import EmailFailureException
 
@@ -58,7 +58,7 @@ def send_email(address: str, subject: str,  content: str):
 def generate_random_password(length: int): 
     letters = string.ascii_letters + string.digits
 
-    return ''.join(random.choice(letters) for i in range(length))
+    return ''.join(secrets.choice(letters) for i in range(length))
 
 def error_log(f):
     '''