mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use proper RNG generator 

OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
This commit is contained in:
Lukas Reschke 2014-09-03 17:46:48 +02:00
parent 7d4317e9fb
commit 63a90a129b
4 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/base.php
View File

@ -943,7 +943,7 @@ class OC {
if (defined("DEBUG") && DEBUG) { if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
} }
$token = OC_Util::generateRandomBytes(32); $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
OC_Preferences::setValue($userid, 'login_token', $token, time()); OC_Preferences::setValue($userid, 'login_token', $token, time());
OC_User::setMagicInCookie($userid, $token); OC_User::setMagicInCookie($userid, $token);
} else { } else {

2
lib/private/user.php
View File

@ -428,7 +428,7 @@ class OC_User {
* generates a password * generates a password
*/ */
public static function generatePassword() { public static function generatePassword() {
return OC_Util::generateRandomBytes(30); return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
} }
/** /**

2
lib/private/user/session.php
View File

@ -234,7 +234,7 @@ class Session implements IUserSession, Emitter {
} }
// replace successfully used token with a new one // replace successfully used token with a new one
\OC_Preferences::deleteKey($uid, 'login_token', $currentToken); \OC_Preferences::deleteKey($uid, 'login_token', $currentToken);
$newToken = \OC_Util::generateRandomBytes(32); $newToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
\OC_Preferences::setValue($uid, 'login_token', $newToken, time()); \OC_Preferences::setValue($uid, 'login_token', $newToken, time());
$this->setMagicInCookie($user->getUID(), $newToken); $this->setMagicInCookie($user->getUID(), $newToken);

2
lib/private/util.php
View File

@ -940,7 +940,7 @@ class OC_Util {
// Check if a token exists // Check if a token exists
if (!\OC::$server->getSession()->exists('requesttoken')) { if (!\OC::$server->getSession()->exists('requesttoken')) {
// No valid token found, generate a new one. // No valid token found, generate a new one.
$requestToken = self::generateRandomBytes(20); $requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
\OC::$server->getSession()->set('requesttoken', $requestToken); \OC::$server->getSession()->set('requesttoken', $requestToken);
} else { } else {
// Valid token already exists, send it // Valid token already exists, send it