use random_word instead of random_string for alias suffix

app/api/views/alias_options.py

@@ -7,7 +7,7 @@ from app.config import EMAIL_DOMAIN
 from app.extensions import db
 from app.log import LOG
 from app.models import AliasUsedOn, GenEmail, User
-from app.utils import random_string, convert_to_id
+from app.utils import convert_to_id, random_word
 
 
 @api_bp.route("/alias/options")
@@ -71,7 +71,7 @@ def options():
 
     # maybe better to make sure the suffix is never used before
     # but this is ok as there's a check when creating a new custom alias
-    ret["custom"]["suffixes"] = [f".{random_string(6)}@{EMAIL_DOMAIN}"]
+    ret["custom"]["suffixes"] = [f".{random_word()}@{EMAIL_DOMAIN}"]
 
     for custom_domain in user.verified_custom_domains():
         ret["custom"]["suffixes"].append("@" + custom_domain.domain)

app/dashboard/views/custom_alias.py

@@ -7,7 +7,7 @@ from app.email_utils import notify_admin
 from app.extensions import db
 from app.log import LOG
 from app.models import GenEmail, DeletedAlias, CustomDomain
-from app.utils import convert_to_id, random_string
+from app.utils import convert_to_id, random_word
 
 
 @dashboard_bp.route("/custom_alias", methods=["GET", "POST"])
@@ -93,7 +93,7 @@ def custom_alias():
                 session[HIGHLIGHT_GEN_EMAIL_ID] = gen_email.id
                 return redirect(url_for("dashboard.index"))
 
-    email_suffix = random_string(6)
+    email_suffix = random_word()
     return render_template(
         "dashboard/custom_alias.html",
         error=error,

app/models.py

@@ -13,7 +13,7 @@ from app.config import EMAIL_DOMAIN, MAX_NB_EMAIL_FREE_PLAN, URL, AVATAR_URL_EXP
 from app.extensions import db
 from app.log import LOG
 from app.oauth_models import Scope
-from app.utils import convert_to_id, random_string, random_words
+from app.utils import convert_to_id, random_string, random_words, random_word
 
 
 class ModelMixin(object):
@@ -421,14 +421,13 @@ class GenEmail(db.Model, ModelMixin):
         if not prefix:
             raise Exception("alias prefix cannot be empty")
 
-        # find the right suffix
+        # find the right suffix - avoid infinite loop by running this at max 1000 times
-        found = False
+        for i in range(1000):
-        while not found:
+            suffix = random_word()
-            suffix = random_string(6)
             email = f"{prefix}.{suffix}@{EMAIL_DOMAIN}"
 
             if not cls.get_by(email=email):
-                found = True
+                break
 
         return GenEmail.create(user_id=user_id, email=email, custom=True)
 

app/oauth/views/authorize.py

@@ -1,4 +1,3 @@
-import random
 from typing import Dict
 from urllib.parse import urlparse
 
@@ -27,7 +26,7 @@ from app.oauth_models import (
     SUPPORTED_OPENID_FLOWS_STR,
     response_types_to_str,
 )
-from app.utils import random_string, encode_url, convert_to_id
+from app.utils import random_string, encode_url, convert_to_id, random_word
 
 
 @oauth_bp.route("/authorize", methods=["GET", "POST"])
@@ -100,9 +99,11 @@ def authorize():
                 LOG.debug("user %s has already allowed client %s", current_user, client)
                 user_info = client_user.get_user_info()
             else:
-                suggested_email, other_emails = current_user.suggested_emails(client.name)
+                suggested_email, other_emails = current_user.suggested_emails(
+                    client.name
+                )
                 suggested_name, other_names = current_user.suggested_names()
-                email_suffix = random_string(6)
+                email_suffix = random_word()
 
             return render_template(
                 "oauth/authorize.html",

app/utils.py

@@ -12,6 +12,10 @@ with open(WORDS_FILE_PATH) as f:
     _words = f.read().split()
 
 
+def random_word():
+    return random.choice(_words)
+
+
 def random_words():
     """Generate a random words. Used to generate user-facing string, for ex email addresses"""
     nb_words = random.randint(2, 3)