From 153e248dc99c59cd39cedf9a9e99d2ee58e1ac26 Mon Sep 17 00:00:00 2001
From: psyker156 <242220+psyker156@users.noreply.github.com>
Date: Sat, 4 Jan 2025 16:57:51 -0500
Subject: [PATCH] Improved nonce safety

generate_nonce() was rewritten to promote the use of a crypto safe PRNG
---
 woocommerce/oauth.py | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/woocommerce/oauth.py b/woocommerce/oauth.py
index 62557c0..5f0ac57 100644
--- a/woocommerce/oauth.py
+++ b/woocommerce/oauth.py
@@ -10,10 +10,10 @@ __license__ = "MIT"
 from time import time
-from random import randint
+from os import urandom
 from hmac import new as HMAC
-from hashlib import sha1, sha256
-from base64 import b64encode
+from hashlib import sha256
+from base64 import b64encode, urlsafe_b64encode
 from collections import OrderedDict
 from urllib.parse import urlencode, quote, unquote, parse_qsl, urlparse
@@ -122,10 +122,5 @@ def get_value_like_as_php(val):
     @staticmethod
     def generate_nonce():
-        """ Generate nonce number """
-        nonce = ''.join([str(randint(0, 9)) for i in range(8)])
-        return HMAC(
-            nonce.encode(),
-            "secret".encode(),
-            sha1
-        ).hexdigest()
+        """Generate a crypto safe random 32-byte string and encode it in Base64"""
+        return urlsafe_b64encode(urandom(32)).decode('utf-8').rstrip('=')
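Review bot: The new body of generate_nonce hand-rolls what the standard library's `secrets.token_urlsafe` already does (URL-safe Base64 of OS-CSPRNG bytes with the `=` padding stripped), so the method could be `return token_urlsafe(32)` with `from secrets import token_urlsafe` replacing the `urandom` and `urlsafe_b64encode` imports added in the first hunk; the security property is the same either way, this is a point of idiom. The new docstring misstates the result: the method returns a 43-character text nonce, not a 32-byte string, so I would write `"""Return a URL-safe Base64 nonce built from 32 cryptographically random bytes (43 characters, no padding)."""`. Because the alphabet is URL-safe the nonce may contain `-` and `_`; both are unreserved under RFC 3986 and presumably pass through the `quote`-based signing unchanged, but any server-side nonce length or character restriction is not visible from this diff and would need confirming. The `.decode('utf-8')` is harmless, though the Base64 alphabet is pure ASCII.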