Use get_random_string everywhere (#210)

Django's get_random_string tries really hard to either use sysrandom or
be otherwise as unpredictable as possible. Thanks to David Gullasch for
pointing out both the problem and the solution.

src/pretix/base/models/orders.py

@@ -1,5 +1,4 @@
 import copy
-import random
 import string
 from datetime import datetime
 from decimal import Decimal
@@ -7,6 +6,7 @@ from typing import List, Union
 
 from django.conf import settings
 from django.db import models
+from django.utils.crypto import get_random_string
 from django.utils.timezone import now
 from django.utils.translation import ugettext_lazy as _
 
@@ -17,12 +17,12 @@ from .items import Item, ItemVariation, Question, QuestionOption, Quota
 
 
 def generate_secret():
-    return ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(16))
+    return get_random_string(length=16, allowed_chars=string.ascii_letters + string.digits)
 
 
 def generate_position_secret():
     # Exclude o,0,1,i,l to avoid confusion with bad fonts/printers
-    return ''.join(random.choice('abcdefghjkmnpqrstuvwxyz23456789') for _ in range(settings.ENTROPY['ticket_secret']))
+    return get_random_string(length=settings.ENTROPY['ticket_secret'], allowed_chars='abcdefghjkmnpqrstuvwxyz23456789')
 
 
 class Order(LoggedModel):
@@ -201,7 +201,7 @@ class Order(LoggedModel):
     def assign_code(self):
         charset = list('ABCDEFGHKLMNPQRSTUVWXYZ23456789')
         while True:
-            code = "".join([random.choice(charset) for i in range(settings.ENTROPY['order_code'])])
+            code = get_random_string(length=settings.ENTROPY['order_code'], allowed_chars=charset)
             if not Order.objects.filter(event=self.event, code=code).exists():
                 self.code = code
                 return