Use proper RNG generator

OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
This commit is contained in:
Lukas Reschke 2014-09-03 17:46:48 +02:00
parent 7d4317e9fb
commit 63a90a129b
4 changed files with 4 additions and 4 deletions

View file

@ -943,7 +943,7 @@ class OC {
if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
}
$token = OC_Util::generateRandomBytes(32);
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
OC_Preferences::setValue($userid, 'login_token', $token, time());
OC_User::setMagicInCookie($userid, $token);
} else {

View file

@ -428,7 +428,7 @@ class OC_User {
* generates a password
*/
public static function generatePassword() {
return OC_Util::generateRandomBytes(30);
return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
}
/**

View file

@ -234,7 +234,7 @@ class Session implements IUserSession, Emitter {
}
// replace successfully used token with a new one
\OC_Preferences::deleteKey($uid, 'login_token', $currentToken);
$newToken = \OC_Util::generateRandomBytes(32);
$newToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
\OC_Preferences::setValue($uid, 'login_token', $newToken, time());
$this->setMagicInCookie($user->getUID(), $newToken);

View file

@ -940,7 +940,7 @@ class OC_Util {
// Check if a token exists
if (!\OC::$server->getSession()->exists('requesttoken')) {
// No valid token found, generate a new one.
$requestToken = self::generateRandomBytes(20);
$requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
\OC::$server->getSession()->set('requesttoken', $requestToken);
} else {
// Valid token already exists, send it