From 3717a2ebeb90e6b16c109208a0a33f78fc95c8bd Mon Sep 17 00:00:00 2001
From: Tim Cooper <tim.cooper@layeh.com>
Date: Fri, 1 Oct 2021 14:46:42 -0500
Subject: [PATCH] fix insecure math/rand use for access token generation
 (#1441)

---
 utils/accessTokens.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/utils/accessTokens.go b/utils/accessTokens.go
index bb2c6d785..12f8afe90 100644
--- a/utils/accessTokens.go
+++ b/utils/accessTokens.go
@@ -1,9 +1,8 @@
 package utils
 
 import (
+	"crypto/rand"
 	"encoding/base64"
-	"math/rand"
-	"time"
 )
 
 const tokenLength = 32
@@ -19,8 +18,7 @@ func GenerateAccessToken() (string, error) {
 // case the caller should not continue.
 func generateRandomBytes(n int) ([]byte, error) {
 	b := make([]byte, n)
-	rand.Seed(time.Now().UTC().UnixNano())
-	_, err := rand.Read(b) //nolint
+	_, err := rand.Read(b)
 	// Note that err == nil only if we read len(b) bytes.
 	if err != nil {
 		return nil, err