From 4f31c408917d339e1a406a6f61cb29da05e1d6af Mon Sep 17 00:00:00 2001
From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com>
Date: Tue, 26 Mar 2024 17:28:31 +0100
Subject: [PATCH] Replace Math.random() with crypto.randomBytes()

---
 apps/api/src/app/user/user.service.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/apps/api/src/app/user/user.service.ts b/apps/api/src/app/user/user.service.ts
index e20dea4af..8b7c88560 100644
--- a/apps/api/src/app/user/user.service.ts
+++ b/apps/api/src/app/user/user.service.ts
@@ -452,14 +452,15 @@ export class UserService {
   }
 
   private getRandomString(length: number) {
+    const bytes = crypto.randomBytes(length);
     const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
     const result = [];
 
     for (let i = 0; i < length; i++) {
-      result.push(
-        characters.charAt(Math.floor(Math.random() * characters.length))
-      );
+      const randomByte = bytes[i];
+      result.push(characters[randomByte % characters.length]);
     }
+
     return result.join('');
   }
 }