From a39cec2b763cb0ca3cc70487a0eecb80085f547a Mon Sep 17 00:00:00 2001
From: Elliot DeNolf <denolfe@gmail.com>
Date: Tue, 15 Sep 2020 14:26:55 -0400
Subject: [PATCH] use crypto for verification token

---
 src/collections/operations/create.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/collections/operations/create.js b/src/collections/operations/create.js
index 6b8234cd3c..00c86edc5a 100644
--- a/src/collections/operations/create.js
+++ b/src/collections/operations/create.js
@@ -1,4 +1,5 @@
 const mkdirp = require('mkdirp');
+const crypto = require('crypto');
 
 const executeAccess = require('../../auth/executeAccess');
 
@@ -144,7 +145,7 @@ async function create(args) {
     }
     if (collectionConfig.auth.emailVerification) {
       data.verified = false;
-      data.verificationToken = 'asdf'; // TODO: Use bcrypt
+      data.verificationToken = await crypto.randomBytes(20).toString('hex');
       // TODO: Generate and send email
     }
   }