Merge pull request #10849 from owncloud/UseProperRandomFunction

Use proper RNG

* owncloud/UseProperRandomFunction:
  Use proper RNG generator
This commit is contained in:
Andreas Fischer 2014-09-03 21:13:54 +02:00
commit 16606f44d7
4 changed files with 4 additions and 4 deletions

View File

@ -943,7 +943,7 @@ class OC {
if (defined("DEBUG") && DEBUG) { if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
} }
$token = OC_Util::generateRandomBytes(32); $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
OC_Preferences::setValue($userid, 'login_token', $token, time()); OC_Preferences::setValue($userid, 'login_token', $token, time());
OC_User::setMagicInCookie($userid, $token); OC_User::setMagicInCookie($userid, $token);
} else { } else {

View File

@ -428,7 +428,7 @@ class OC_User {
* generates a password * generates a password
*/ */
public static function generatePassword() { public static function generatePassword() {
return OC_Util::generateRandomBytes(30); return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
} }
/** /**

View File

@ -234,7 +234,7 @@ class Session implements IUserSession, Emitter {
} }
// replace successfully used token with a new one // replace successfully used token with a new one
\OC_Preferences::deleteKey($uid, 'login_token', $currentToken); \OC_Preferences::deleteKey($uid, 'login_token', $currentToken);
$newToken = \OC_Util::generateRandomBytes(32); $newToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
\OC_Preferences::setValue($uid, 'login_token', $newToken, time()); \OC_Preferences::setValue($uid, 'login_token', $newToken, time());
$this->setMagicInCookie($user->getUID(), $newToken); $this->setMagicInCookie($user->getUID(), $newToken);

View File

@ -940,7 +940,7 @@ class OC_Util {
// Check if a token exists // Check if a token exists
if (!\OC::$server->getSession()->exists('requesttoken')) { if (!\OC::$server->getSession()->exists('requesttoken')) {
// No valid token found, generate a new one. // No valid token found, generate a new one.
$requestToken = self::generateRandomBytes(20); $requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
\OC::$server->getSession()->set('requesttoken', $requestToken); \OC::$server->getSession()->set('requesttoken', $requestToken);
} else { } else {
// Valid token already exists, send it // Valid token already exists, send it