From 4ffd465fac9411df6f77b436fc4c450e02872d6d Mon Sep 17 00:00:00 2001
From: Flavio Tarsetti <flavio.tarsetti@idiap.ch>
Date: Fri, 15 May 2020 13:59:56 +0200
Subject: [PATCH] [accounts][models] make temporary url hash unique

---
 beat/web/accounts/models.py | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/beat/web/accounts/models.py b/beat/web/accounts/models.py
index a3de68edd..9eb4dbda9 100644
--- a/beat/web/accounts/models.py
+++ b/beat/web/accounts/models.py
@@ -160,15 +160,23 @@ def save_user_profile(sender, instance, **kwargs):
     instance.profile.save()
 
 
+def generate_url_hash():
+    # url_hash creation
+    url_hash = "".join(
+        random.choice(string.ascii_letters + string.digits)  # nosec
+        for _ in range(TEMPORARY_URL_LENGTH)
+    )
+    return url_hash
+
 class TemporaryUrlManager(models.Manager):
     def create_temporary_url(self, status, supervision_track):
         # Actions that result creating the object
 
-        # url_hash creation
-        url_hash = "".join(
-            random.choice(string.ascii_letters + string.digits)  # nosec
-            for _ in range(TEMPORARY_URL_LENGTH)
-        )
+        url_hash = generate_url_hash()
+        used_hashes = [x.url_hash for x in TemporaryUrl.objects.all()]
+        while url_hash in used_hashes:
+            url_hash = generate_url_hash()
+
         now = datetime.datetime.now()
         expiration_date_delta = datetime.timedelta(
             days=settings.ACCOUNT_ACTIVATION_DAYS_FROM_SUPERVISOR
-- 
GitLab