Merge pull request #4727 from stffabi/IncreaseDeviceEntropy
Increase device password entropy.
This commit is contained in:
Lukas Reschke
GitHub
commit
c28fe270b6
|
|
@ -44,6 +44,13 @@ interface ISecureRandom {
|
||||||
const CHAR_DIGITS = '0123456789';
|
const CHAR_DIGITS = '0123456789';
|
||||||
const CHAR_SYMBOLS = '!\"#$%&\\\'()* +,-./:;<=>?@[\]^_`{|}~';
|
const CHAR_SYMBOLS = '!\"#$%&\\\'()* +,-./:;<=>?@[\]^_`{|}~';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Characters that can be used for <code>generate($length, $characters)</code>, to
|
||||||
|
* generate human readable random strings. Lower- and upper-case characters and digits
|
||||||
|
* are included. Characters which are ambiguous are excluded, such as I, l, and 1 and so on.
|
||||||
|
*/
|
||||||
|
const CHAR_HUMAN_READABLE = "abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Convenience method to get a low strength random number generator.
|
* Convenience method to get a low strength random number generator.
|
||||||
*
|
*
|
||||||
|
|
|
||||||
|
|
@ -154,16 +154,16 @@ class AuthSettingsController extends Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return a 20 digit device password
|
* Return a 25 digit device password
|
||||||
*
|
*
|
||||||
* Example: ABCDE-FGHIJ-KLMNO-PQRST
|
* Example: AbCdE-fGhIj-KlMnO-pQrSt-12345
|
||||||
*
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
private function generateRandomDeviceToken() {
|
private function generateRandomDeviceToken() {
|
||||||
$groups = [];
|
$groups = [];
|
||||||
for ($i = 0; $i < 4; $i++) {
|
for ($i = 0; $i < 5; $i++) {
|
||||||
$groups[] = $this->random->generate(5, implode('', range('A', 'Z')));
|
$groups[] = $this->random->generate(5, ISecureRandom::CHAR_HUMAN_READABLE);
|
||||||
}
|
}
|
||||||
return implode('-', $groups);
|
return implode('-', $groups);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -392,7 +392,7 @@ table.nostyle td {
|
||||||
|
|
||||||
#new-app-login-name,
|
#new-app-login-name,
|
||||||
#new-app-password {
|
#new-app-password {
|
||||||
width: 186px;
|
width: 245px;
|
||||||
font-family: monospace;
|
font-family: monospace;
|
||||||
background-color: lightyellow;
|
background-color: lightyellow;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -133,11 +133,11 @@ class AuthSettingsControllerTest extends TestCase {
|
||||||
->method('getLoginName')
|
->method('getLoginName')
|
||||||
->will($this->returnValue('User13'));
|
->will($this->returnValue('User13'));
|
||||||
|
|
||||||
$this->secureRandom->expects($this->exactly(4))
|
$this->secureRandom->expects($this->exactly(5))
|
||||||
->method('generate')
|
->method('generate')
|
||||||
->with(5, implode('', range('A', 'Z')))
|
->with(5, ISecureRandom::CHAR_HUMAN_READABLE)
|
||||||
->will($this->returnValue('XXXXX'));
|
->will($this->returnValue('XXXXX'));
|
||||||
$newToken = 'XXXXX-XXXXX-XXXXX-XXXXX';
|
$newToken = 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX';
|
||||||
|
|
||||||
$this->tokenProvider->expects($this->once())
|
$this->tokenProvider->expects($this->once())
|
||||||
->method('generateToken')
|
->method('generateToken')
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue