Increase device password entropy. Use lower- and upper-case characters and digits... 4727/head
authorFabrizio Steiner <fabrizio.steiner@gmail.com>
Sun, 7 May 2017 21:10:02 +0000 (23:10 +0200)
committerFabrizio Steiner <fabrizio.steiner@gmail.com>
Mon, 8 May 2017 12:04:40 +0000 (14:04 +0200)
Signed-off-by: Fabrizio Steiner <fabrizio.steiner@gmail.com>
lib/public/Security/ISecureRandom.php
settings/Controller/AuthSettingsController.php
settings/css/settings.css
tests/Settings/Controller/AuthSettingsControllerTest.php

index c60529ef8033dff24f8095ed7f5a2fe36c53d57b..14190639f44c3d370cfe66f5ab83f6abbe84154d 100644 (file)
@@ -44,6 +44,13 @@ interface ISecureRandom {
        const CHAR_DIGITS = '0123456789';
        const CHAR_SYMBOLS = '!\"#$%&\\\'()* +,-./:;<=>?@[\]^_`{|}~';
 
+       /**
+        * Characters that can be used for <code>generate($length, $characters)</code>, to
+        * generate human readable random strings. Lower- and upper-case characters and digits 
+        * are included. Characters which are ambiguous are excluded, such as I, l, and 1 and so on.
+        */
+       const CHAR_HUMAN_READABLE = "abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789";
+
        /**
         * Convenience method to get a low strength random number generator.
         *
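Review bot: The doc comment on `CHAR_HUMAN_READABLE` does not describe the set precisely: lowercase `h`, `u`, `v` and uppercase `U`, `V` are dropped without explanation, while lowercase `i` and `o` are kept even though `I`, `O`, `0` and `1` are removed. Because the constant feeds credential generation, the comment should list the exact exclusions and the alphabet size, for example `52 characters, about 5.7 bits of entropy per character`, so callers can choose a length for a target strength. If leaving out `h` was not intended, restoring it is a one-character change. The neighbouring constants are single-quoted, so `'abcdefg…'` would match them.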
index 57192e119a99a64243e678da5f27d049ea018a43..7bb8a6654e646dd9b105ecaca8379bd21f501e01 100644 (file)
@@ -154,16 +154,16 @@ class AuthSettingsController extends Controller {
        }
 
        /**
-        * Return a 20 digit device password
+        * Return a 25 digit device password
         *
-        * Example: ABCDE-FGHIJ-KLMNO-PQRST
+        * Example: AbCdE-fGhIj-KlMnO-pQrSt-12345
         *
         * @return string
         */
        private function generateRandomDeviceToken() {
                $groups = [];
-               for ($i = 0; $i < 4; $i++) {
-                       $groups[] = $this->random->generate(5, implode('', range('A', 'Z')));
+               for ($i = 0; $i < 5; $i++) {
+                       $groups[] = $this->random->generate(5, ISecureRandom::CHAR_HUMAN_READABLE);
                }
                return implode('-', $groups);
        }
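Review bot: The updated docblock on `generateRandomDeviceToken()` says "25 digit device password", but the token is 25 mixed-case letters and digits, and the returned string is 29 characters once the four hyphens are counted. I would word it as `Return a device password of 25 random characters in five groups of five, separated by hyphens`. With a 52-character alphabet that is roughly 142 bits, against about 94 for the previous 20 uppercase letters, assuming `generate()` samples uniformly (its implementation is not in this diff); stating that figure in the comment would record why the length was chosen. The example `AbCdE-fGhIj-KlMnO-pQrSt-12345` also contains `h`, `I`, `l`, `O` and `1`, none of which the new alphabet can produce.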
index 0777f7e4cf4ac3cfc35df3860736862ac340afe5..acd8ce8e47c1e8fc228b5b44476535fbdcbc7023 100644 (file)
@@ -343,7 +343,7 @@ table.nostyle td { padding: 0.2em 0; }
 
 #new-app-login-name,
 #new-app-password {
-       width: 186px;
+       width: 245px;
        font-family: monospace;
        background-color: lightyellow;
 }
index 7f4277acd73a3f836119d70651d1db84f3204667..5c1280ff4b00a01b9bc9d6bf35f9142c88324f77 100644 (file)
@@ -133,11 +133,11 @@ class AuthSettingsControllerTest extends TestCase {
                        ->method('getLoginName')
                        ->will($this->returnValue('User13'));
 
-               $this->secureRandom->expects($this->exactly(4))
+               $this->secureRandom->expects($this->exactly(5))
                        ->method('generate')
-                       ->with(5, implode('', range('A', 'Z')))
+                       ->with(5, ISecureRandom::CHAR_HUMAN_READABLE)
                        ->will($this->returnValue('XXXXX'));
-               $newToken = 'XXXXX-XXXXX-XXXXX-XXXXX';
+               $newToken = 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX';
 
                $this->tokenProvider->expects($this->once())
                        ->method('generateToken')
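Review bot: The expectation `->with(5, ISecureRandom::CHAR_HUMAN_READABLE)` compares against the same constant the controller passes, so nothing visible in this commit checks what the alphabet actually contains. A separate assertion on the constant would catch a later edit that shrinks it or reintroduces an ambiguous character, for example `$this->assertSame(0, preg_match('/[Il1O0]/', ISecureRandom::CHAR_HUMAN_READABLE));` plus a check on its length. The enclosing test method starts and ends outside this hunk.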