From a486627f9a80d3a1f7836c1dfd6b10c8b738e0b3 Mon Sep 17 00:00:00 2001
From: KronosDP <darrel.danadyaksa19@gmail.com>
Date: Wed, 26 Feb 2025 14:52:07 +0700
Subject: [PATCH] [REFACTOR] Replace Random with SecureRandom in OTPService for
 improved security

---
 .../com/safetypin/authentication/service/OTPService.java     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/safetypin/authentication/service/OTPService.java b/src/main/java/com/safetypin/authentication/service/OTPService.java
index ac9ee7d..b338aca 100644
--- a/src/main/java/com/safetypin/authentication/service/OTPService.java
+++ b/src/main/java/com/safetypin/authentication/service/OTPService.java
@@ -3,8 +3,9 @@ package com.safetypin.authentication.service;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
+
+import java.security.SecureRandom;
 import java.time.LocalDateTime;
-import java.util.Random;
 import java.util.concurrent.ConcurrentHashMap;
 
 @Service
@@ -13,7 +14,7 @@ public class OTPService {
     private static final long OTP_EXPIRATION_SECONDS = 120; // 2 minutes expiration
     private static final Logger log = LoggerFactory.getLogger(OTPService.class);
     private final ConcurrentHashMap<String, OTPDetails> otpStorage = new ConcurrentHashMap<>();
-    private final Random random = new Random();
+    private final SecureRandom random = new SecureRandom();
 
     public String generateOTP(String email) {
         String otp = String.format("%06d", random.nextInt(1000000));
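Review bot: `String.format("%06d", random.nextInt(1000000))` in generateOTP formats with the JVM's default locale, so on a host whose default locale uses non-ASCII digits the code would not be six ASCII digits and could fail to match what the user types; `String.format(Locale.ROOT, "%06d", random.nextInt(1_000_000))` pins the output (it needs a `java.util.Locale` import). The switch to SecureRandom makes the sequence unpredictable, but the code space is still 10^6 values over the 120-second window set by OTP_EXPIRATION_SECONDS, so guessing resistance depends on the verification path limiting attempts per email, which is not visible in this hunk and is worth confirming. A short comment on the field, such as `// CSPRNG on purpose: OTPs must not be predictable from earlier values`, would keep a later cleanup from reverting it to Random. generateOTP's body continues past the end of the hunk.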
-- 
GitLab