authorJason Song <i@wolfogre.com>2022-11-28 23:37:42 +0800
committerGitHub <noreply@github.com>2022-11-28 23:37:42 +0800
commitf047ee0a40b50ab51e10ddcc57040ffa127d9e21 (patch)
tree5cccc1a9f3bff7f2887aaa85096fdea7b5f9a264 /models/auth
parent9607750b5e9001ab379fa8deab0dadbb6219c66e (diff)
Use random bytes to generate access token (#21959)
Diffstat (limited to 'models/auth')
-rw-r--r--models/auth/token.go9
1 files changed, 6 insertions, 3 deletions
diff --git a/models/auth/token.go b/models/auth/token.go
index 763174f08f..0dfcb7629b 100644
--- a/models/auth/token.go
+++ b/models/auth/token.go
@@ -6,16 +6,15 @@ package auth
import (
"crypto/subtle"
+ "encoding/hex"
"fmt"
"time"
"code.gitea.io/gitea/models/db"
- "code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/util"
- gouuid "github.com/google/uuid"
lru "github.com/hashicorp/golang-lru"
)
@@ -100,8 +99,12 @@ func NewAccessToken(t *AccessToken) error {
if err != nil {
return err
}
+ token, err := util.CryptoRandomBytes(20)
+ if err != nil {
+ return err
+ }
t.TokenSalt = salt
- t.Token = base.EncodeSha1(gouuid.New().String())
+ t.Token = hex.EncodeToString(token)
t.TokenHash = HashToken(t.Token, t.TokenSalt)
t.TokenLastEight = t.Token[len(t.Token)-8:]
_, err = db.GetEngine(db.DefaultContext).Insert(t)
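Review bot: The literal `20` in `util.CryptoRandomBytes(20)` carries an undocumented constraint: 20 bytes hex-encode to 40 characters, the same length as the SHA-1 hex string the removed line produced, so any length or format check on tokens elsewhere (none is visible here) keeps working. I would add a comment above the call, `// 20 random bytes -> 40 hex chars, same length as the old SHA-1-derived tokens`, or give the value a named constant. `t.TokenLastEight` keeps the last 8 hex characters (32 bits) of the token and appears to be persisted with the row, leaving 128 bits that only the salted hash covers; saying so in the comment would stop the length being reduced later. NewAccessToken starts above and continues below this hunk, so the salt generation and the handling of the insert error are not visible.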