From ce2a58e83b6a5337c083df27df73be238b193b05 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Sun, 5 Dec 2021 18:42:03 -0800
Subject: [PATCH] fix: Math.random -> crypto.randomBytes

closes #2818
---
 server/utils/passport.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/server/utils/passport.ts b/server/utils/passport.ts
index 55ec75fec..9e89d1c0d 100644
--- a/server/utils/passport.ts
+++ b/server/utils/passport.ts
@@ -1,3 +1,4 @@
+import crypto from "crypto";
 import { addMinutes, subMinutes } from "date-fns";
 import fetch from "fetch-with-proxy";
 import { Request } from "koa";
@@ -8,8 +9,8 @@ export class StateStore {
   key = "state";
 
   store = (req: Request, callback: () => void) => {
-    // Produce an 8-character random string as state
-    const state = Math.random().toString(36).slice(-8);
+    // Produce a random string as state
+    const state = crypto.randomBytes(8).toString("hex");
 
     // @ts-expect-error ts-migrate(2339) FIXME: Property 'cookies' does not exist on type 'Request... Remove this comment to see the full error message
     req.cookies.set(this.key, state, {