From 63a90a129bedc9baedc2c801fd0744346400379c Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Wed, 3 Sep 2014 17:46:48 +0200
Subject: [PATCH] Use proper RNG generator

OC_Util::generateRandomBytes() only returns lowercase alphanumeric values. We should use the new RNG which has a broader characterset.
---
 lib/base.php | 2 +-
 lib/private/user.php | 2 +-
 lib/private/user/session.php | 2 +-
 lib/private/util.php | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index 1a99835040a..18331dd86aa 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -943,7 +943,7 @@ class OC {
 if (defined("DEBUG") && DEBUG) {
 OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
 }
- $token = OC_Util::generateRandomBytes(32);
+ $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
 OC_Preferences::setValue($userid, 'login_token', $token, time());
 OC_User::setMagicInCookie($userid, $token);
 } else {
diff --git a/lib/private/user.php b/lib/private/user.php
index 509a7c71209..a79fc2ce834 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -428,7 +428,7 @@ class OC_User {
 * generates a password
 */
 public static function generatePassword() {
- return OC_Util::generateRandomBytes(30);
+ return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
 }
 
 /**
diff --git a/lib/private/user/session.php b/lib/private/user/session.php
index 11938db5076..5517e08a25d 100644
--- a/lib/private/user/session.php
+++ b/lib/private/user/session.php
@@ -234,7 +234,7 @@ class Session implements IUserSession, Emitter {
 }
 // replace successfully used token with a new one
 \OC_Preferences::deleteKey($uid, 'login_token', $currentToken);
- $newToken = \OC_Util::generateRandomBytes(32);
+ $newToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
 \OC_Preferences::setValue($uid, 'login_token', $newToken, time());
 $this->setMagicInCookie($user->getUID(), $newToken);
 
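Review bot: The new remember-login token in lib/base.php is generated with `generate(32)` and no explicit character set, then stored with `OC_Preferences::setValue()` and sent through `OC_User::setMagicInCookie()`; the hunk in lib/private/user/session.php does the same for `$newToken`. The commit message says the new generator has a broader character set, but that set is not visible in this patch, so it is worth confirming that every character it can emit comes back from the cookie byte-for-byte, otherwise the later comparison against the stored `login_token` would fail for some tokens. If `generate()` accepts a character list as a second argument, passing one at both call sites would make the token alphabet explicit. Both enclosing functions start and end outside their hunks.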
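Review bot: The docblock above `generatePassword()` in lib/private/user.php still says only `generates a password`, while this change alters the alphabet of the returned string. I would extend it with `@return string 30 random characters from the secure random generator, no longer limited to lowercase alphanumerics`, so callers that display, mail or store the value know it may need encoding. Whether any caller relies on the old lowercase-alphanumeric shape cannot be seen from this hunk and should be checked. The docblock opens above the first line of the hunk.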
diff --git a/lib/private/util.php b/lib/private/util.php
index bc20b7bcd56..94508e502e4 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -940,7 +940,7 @@ class OC_Util {
 // Check if a token exists
 if (!\OC::$server->getSession()->exists('requesttoken')) {
 // No valid token found, generate a new one.
- $requestToken = self::generateRandomBytes(20);
+ $requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
 \OC::$server->getSession()->set('requesttoken', $requestToken);
 } else {
 // Valid token already exists, send it
-- 
2.39.5
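Review bot: The request token length changes from 20 to 30 in lib/private/util.php, which the commit message does not mention, and the value is again generated without an explicit character set. A request token is typically echoed into forms, headers or URLs (none of that is visible here), so with a broader alphabet each output site should be checked for correct HTML and URL encoding, since an unencoded character could make a valid token fail verification. A comment on the new line would record the intent, e.g. `// 30 chars from the secure RNG; encode for the output context wherever it is emitted`. The enclosing function starts and ends outside the hunk.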