remove SecretBytes

there's no benefit to keeping it around, the zeroing behavior it had was
never any good and without it it's just a fancy [u8; N]

3 files changed, 8 insertions, 8 deletions

diff --git a/src/api/auth/account.rs b/src/api/auth/account.rs
index 56ec717..9d2a19e 100644
--- a/src/api/auth/account.rs
+++ b/src/api/auth/account.rs
@@ -11,7 +11,7 @@ use serde::{Deserialize, Serialize};
 use validator::Validate;
 
 use crate::api::{Empty, EMPTY};
-use crate::crypto::{KeyFetchToken, SessionToken};
+use crate::crypto::{random_bytes, KeyFetchToken, SessionToken};
 use crate::db::{Db, DbConn};
 use crate::mailer::Mailer;
 use crate::push::PushClient;
@@ -21,7 +21,7 @@ use crate::Config;
 use crate::{
     api::{auth, serialize_dt},
     auth::{AuthSource, Authenticated},
-    crypto::{AuthPW, KeyBundle, KeyFetchReq, SecretBytes, SessionCredentials},
+    crypto::{AuthPW, KeyBundle, KeyFetchReq, SessionCredentials},
     types::{KeyFetchID, OauthToken, SecretKey, User, UserID, VerifyHash},
 };
 
@@ -122,7 +122,7 @@ pub(crate) async fn create(
         .await?;
     let auth_at =
         db.add_session(session.token_id.clone(), &uid, session.req_hmac_key, false, None).await?;
-    let verify_code = hex::encode(&SecretBytes::<16>::generate().0);
+    let verify_code = hex::encode(&random_bytes::<16>());
     db.add_verify_code(&uid, &session.token_id, &verify_code).await?;
     // NOTE we send the email in this context rather than a spawn to signal
     // send errors to the client.
diff --git a/src/api/auth/invite.rs b/src/api/auth/invite.rs
index f2c6ad8..e70c3d6 100644
--- a/src/api/auth/invite.rs
+++ b/src/api/auth/invite.rs
@@ -3,7 +3,7 @@ use chrono::{Duration, Utc};
 use rocket::{http::uri::Reference, serde::json::Json, State};
 use serde::{Deserialize, Serialize};
 
-use crate::{api::auth, auth::Authenticated, crypto::SecretBytes, db::DbConn, Config};
+use crate::{api::auth, auth::Authenticated, crypto::random_bytes, db::DbConn, Config};
 
 use super::WithVerifiedFxaLogin;
 
@@ -12,7 +12,7 @@ pub(crate) async fn generate_invite_link(
     cfg: &Config,
     ttl: Duration,
 ) -> anyhow::Result<Reference<'static>> {
-    let code = base64::encode_config(&SecretBytes::<32>::generate().0, URL_SAFE_NO_PAD);
+    let code = base64::encode_config(&random_bytes::<32>(), URL_SAFE_NO_PAD);
     db.add_invite_code(&code, Utc::now() + ttl).await?;
     Reference::parse_owned(format!("{}/#/register/{}", cfg.location, code))
         .map_err(|e| anyhow!("url building failed at {e}"))
diff --git a/src/api/auth/password.rs b/src/api/auth/password.rs
index 79b7587..d1455e4 100644
--- a/src/api/auth/password.rs
+++ b/src/api/auth/password.rs
@@ -10,8 +10,8 @@ use crate::{
     api::auth,
     auth::{AuthSource, Authenticated},
     crypto::{
-        AccountResetReq, AccountResetToken, AuthPW, KeyBundle, KeyFetchReq, KeyFetchToken,
-        PasswordChangeReq, PasswordChangeToken, SecretBytes,
+        random_bytes, AccountResetReq, AccountResetToken, AuthPW, KeyBundle, KeyFetchReq,
+        KeyFetchToken, PasswordChangeReq, PasswordChangeToken,
     },
     db::{Db, DbConn},
     mailer::Mailer,
@@ -192,7 +192,7 @@ pub(crate) async fn forgot_start(
         return Err(auth::Error::UnverifiedAccount);
     }
 
-    let forgot_code = hex::encode(SecretBytes::<16>::generate().0);
+    let forgot_code = hex::encode(random_bytes::<16>());
     let forgot_token = PasswordChangeToken::generate();
     let forgot_req = PasswordChangeReq::derive_from_forgot_token(&forgot_token);
     db.add_password_change(