[WEB-5518]: update magic code token to send code as 6 digit numbers (#8188)

* refactor: simplify token generation in MagicCodeProvider by using a numeric approach * fix: update placeholder text for unique code input across multiple languages * refactor: replace token generation with a numeric approach for user email updates * fix: update placeholder text for unique code input in multiple languages to a numeric format * refactor: replace random token generation with secrets for enhanced security in user email updates and magic code provider
2025-12-01 18:56:14 +05:30 · 2025-12-01 18:56:14 +05:30 · a7e2e596bf
commit a7e2e596bf
parent 980428b204
23 changed files with 39 additions and 54 deletions
--- a/apps/api/plane/app/views/user/base.py
+++ b/apps/api/plane/app/views/user/base.py
@ -2,8 +2,6 @@
 import uuid
 import json
 import logging
-import random
-import string
 import secrets

 # Django imports
@ -151,13 +149,7 @@ class UserEndpoint(BaseViewSet):
            # Include user ID to bind the code to the specific user
            cache_key = f"magic_email_update_{user.id}_{new_email}"
            ## Generate a random token
-            token = (
-                "".join(secrets.choice(string.ascii_lowercase) for _ in range(4))
-                + "-"
-                + "".join(secrets.choice(string.ascii_lowercase) for _ in range(4))
-                + "-"
-                + "".join(secrets.choice(string.ascii_lowercase) for _ in range(4))
-            )
+            token = str(secrets.randbelow(900000) + 100000)
            # Store in cache with 10 minute expiration
            cache_data = json.dumps({"token": token})
            cache.set(cache_key, cache_data, timeout=600)
--- a/apps/api/plane/authentication/provider/credentials/magic_code.py
+++ b/apps/api/plane/authentication/provider/credentials/magic_code.py
@ -1,8 +1,7 @@
 # Python imports
 import json
 import os
-import random
-import string
+import secrets


 # Module imports
@ -50,13 +49,7 @@ class MagicCodeProvider(CredentialAdapter):

    def initiate(self):
        ## Generate a random token
-        token = (
-            "".join(random.choices(string.ascii_lowercase, k=4))
-            + "-"
-            + "".join(random.choices(string.ascii_lowercase, k=4))
-            + "-"
-            + "".join(random.choices(string.ascii_lowercase, k=4))
-        )
+        token = str(secrets.randbelow(900000) + 100000)

        ri = redis_instance()