Merge pull request #10849 from owncloud/UseProperRandomFunction
Use proper RNG * owncloud/UseProperRandomFunction: Use proper RNG generator
This commit is contained in:
commit
16606f44d7
|
@ -943,7 +943,7 @@ class OC {
|
||||||
if (defined("DEBUG") && DEBUG) {
|
if (defined("DEBUG") && DEBUG) {
|
||||||
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
|
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
|
||||||
}
|
}
|
||||||
$token = OC_Util::generateRandomBytes(32);
|
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
|
||||||
OC_Preferences::setValue($userid, 'login_token', $token, time());
|
OC_Preferences::setValue($userid, 'login_token', $token, time());
|
||||||
OC_User::setMagicInCookie($userid, $token);
|
OC_User::setMagicInCookie($userid, $token);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -428,7 +428,7 @@ class OC_User {
|
||||||
* generates a password
|
* generates a password
|
||||||
*/
|
*/
|
||||||
public static function generatePassword() {
|
public static function generatePassword() {
|
||||||
return OC_Util::generateRandomBytes(30);
|
return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -234,7 +234,7 @@ class Session implements IUserSession, Emitter {
|
||||||
}
|
}
|
||||||
// replace successfully used token with a new one
|
// replace successfully used token with a new one
|
||||||
\OC_Preferences::deleteKey($uid, 'login_token', $currentToken);
|
\OC_Preferences::deleteKey($uid, 'login_token', $currentToken);
|
||||||
$newToken = \OC_Util::generateRandomBytes(32);
|
$newToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
|
||||||
\OC_Preferences::setValue($uid, 'login_token', $newToken, time());
|
\OC_Preferences::setValue($uid, 'login_token', $newToken, time());
|
||||||
$this->setMagicInCookie($user->getUID(), $newToken);
|
$this->setMagicInCookie($user->getUID(), $newToken);
|
||||||
|
|
||||||
|
|
|
@ -940,7 +940,7 @@ class OC_Util {
|
||||||
// Check if a token exists
|
// Check if a token exists
|
||||||
if (!\OC::$server->getSession()->exists('requesttoken')) {
|
if (!\OC::$server->getSession()->exists('requesttoken')) {
|
||||||
// No valid token found, generate a new one.
|
// No valid token found, generate a new one.
|
||||||
$requestToken = self::generateRandomBytes(20);
|
$requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
|
||||||
\OC::$server->getSession()->set('requesttoken', $requestToken);
|
\OC::$server->getSession()->set('requesttoken', $requestToken);
|
||||||
} else {
|
} else {
|
||||||
// Valid token already exists, send it
|
// Valid token already exists, send it
|
||||||
|
|
Loading…
Reference in New Issue