Diffstat (limited to 'models')
-rw-r--r-- | models/auth/twofactor.go | 8 | ||||
-rw-r--r-- | models/migrations/v71.go | 2 | ||||
-rw-r--r-- | models/migrations/v85.go | 2 | ||||
-rw-r--r-- | models/token.go | 2 | ||||
-rw-r--r-- | models/user/user.go | 2 |
5 files changed, 10 insertions, 6 deletions
diff --git a/models/auth/twofactor.go b/models/auth/twofactor.go
index 883e6ce01c..c5bd972f91 100644
--- a/models/auth/twofactor.go
+++ b/models/auth/twofactor.go
@@ -8,6 +8,7 @@ import (
 "crypto/md5"
 "crypto/sha256"
 "crypto/subtle"
+ "encoding/base32"
 "encoding/base64"
 "fmt"
@@ -58,11 +59,14 @@ func init() {
 // GenerateScratchToken recreates the scratch token the user is using.
 func (t *TwoFactor) GenerateScratchToken() (string, error) {
- token, err := util.RandomString(8)
+ tokenBytes, err := util.CryptoRandomBytes(6)
 if err != nil {
 return "", err
 }
- t.ScratchSalt, _ = util.RandomString(10)
+ // these chars are specially chosen, avoid ambiguous chars like `0`, `O`, `1`, `I`.
+ const base32Chars = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
+ token := base32.NewEncoding(base32Chars).WithPadding(base32.NoPadding).EncodeToString(tokenBytes)
+ t.ScratchSalt, _ = util.CryptoRandomString(10)
 t.ScratchHash = HashToken(token, t.ScratchSalt)
 return token, nil
 }
diff --git a/models/migrations/v71.go b/models/migrations/v71.go
index e4ed46a21a..163ec3ee5f 100644
--- a/models/migrations/v71.go
+++ b/models/migrations/v71.go
@@ -53,7 +53,7 @@ func addScratchHash(x *xorm.Engine) error {
 for _, tfa := range tfas {
 // generate salt
- salt, err := util.RandomString(10)
+ salt, err := util.CryptoRandomString(10)
 if err != nil {
 return err
 }
diff --git a/models/migrations/v85.go b/models/migrations/v85.go
index bdbcebeb00..9611d6e72a 100644
--- a/models/migrations/v85.go
+++ b/models/migrations/v85.go
@@ -65,7 +65,7 @@ func hashAppToken(x *xorm.Engine) error {
 for _, token := range tokens {
 // generate salt
- salt, err := util.RandomString(10)
+ salt, err := util.CryptoRandomString(10)
 if err != nil {
 return err
 }
diff --git a/models/token.go b/models/token.go
index 44428a0809..b89514309c 100644
--- a/models/token.go
+++ b/models/token.go
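Review bot: The error from `util.CryptoRandomString(10)` on the new `t.ScratchSalt` line is still discarded, so a CSPRNG failure leaves `ScratchSalt` empty and the scratch token is hashed with an empty salt while a valid-looking token is still returned; the `tokenBytes` call a few lines above checks its error, and the salt should too: `if t.ScratchSalt, err = util.CryptoRandomString(10); err != nil {` / `return "", err` / `}`. Six random bytes encoded without padding produce a 10-character token (48 bits of entropy), up from the 8 characters the removed `util.RandomString(8)` line produced; any form validation or user-facing documentation that fixes the scratch-token length at 8 is outside this hunk and would need checking. A comment such as `// 6 bytes -> 10 base32 chars, 48 bits of entropy` next to the byte count would make the sizing deliberate rather than incidental. The custom alphabet is the 32 characters `base32.NewEncoding` requires, but the encoding is rebuilt on every call; hoisting `var scratchEncoding = base32.NewEncoding(base32Chars).WithPadding(base32.NoPadding)` to package scope alongside the constant is cheaper and fixes the alphabet in one place.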
@@ -62,7 +62,7 @@ func init() {
 // NewAccessToken creates new access token.
 func NewAccessToken(t *AccessToken) error {
- salt, err := util.RandomString(10)
+ salt, err := util.CryptoRandomString(10)
 if err != nil {
 return err
 }
diff --git a/models/user/user.go b/models/user/user.go
index 57a7fcadfa..38352fe5e2 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -533,7 +533,7 @@ const SaltByteLength = 16
 // GetUserSalt returns a random user salt token.
 func GetUserSalt() (string, error) {
- rBytes, err := util.RandomBytes(SaltByteLength)
+ rBytes, err := util.CryptoRandomBytes(SaltByteLength)
 if err != nil {
 return "", err
 }
|