OC_Util::generateRandomBytes() only returns lowercase alphanumeric values. We should use the new RNG, which has a broader character set.
tags/v8.0.0alpha1
@@ -943,7 +943,7 @@ class OC { | |||
if (defined("DEBUG") && DEBUG) { | |||
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); | |||
} | |||
$token = OC_Util::generateRandomBytes(32); | |||
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32); | |||
OC_Preferences::setValue($userid, 'login_token', $token, time()); | |||
OC_User::setMagicInCookie($userid, $token); | |||
} else { |
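Review bot: The value passed to OC_Preferences::setValue() is the same $token that setMagicInCookie() sends to the browser, so the stored record is directly usable as a login credential by anyone who can read the preferences store. Storing a digest would limit that, for example `OC_Preferences::setValue($userid, 'login_token', hash('sha256', $token), time());`, with the code that validates the cookie hashing the presented value before it looks the key up. That validation code is outside this hunk, so the two sides would have to change together. The Session hunk that rotates the token stores $newToken in the same way. The enclosing method starts and ends outside the hunk.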
@@ -428,7 +428,7 @@ class OC_User { | |||
* generates a password | |||
*/ | |||
public static function generatePassword() { | |||
return OC_Util::generateRandomBytes(30); | |||
return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30); | |||
} | |||
/** |
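Review bot: The docblock on generatePassword() still says only "generates a password", so callers cannot tell the length or alphabet of the returned value now that the generator has changed. The commit description says the new generator has a broader character set, so any caller that assumed lowercase alphanumerics should be checked (this hunk does not show the callers). I would extend the docblock with something like `@return string 30 random characters from the medium-strength generator; not limited to [a-z0-9]`.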
@@ -234,7 +234,7 @@ class Session implements IUserSession, Emitter { | |||
} | |||
// replace successfully used token with a new one | |||
\OC_Preferences::deleteKey($uid, 'login_token', $currentToken); | |||
$newToken = \OC_Util::generateRandomBytes(32); | |||
$newToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32); | |||
\OC_Preferences::setValue($uid, 'login_token', $newToken, time()); | |||
$this->setMagicInCookie($user->getUID(), $newToken); | |||
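Review bot: The token is deleted and stored under `$uid`, but the cookie is set with `$user->getUID()`, and the hunk does not show that the two are always identical. If `$uid` comes from the request and can differ from the canonical id (for instance in case), the preference row and the cookie would be keyed differently. Using one of them throughout would remove the question, e.g. `\OC_Preferences::setValue($user->getUID(), 'login_token', $newToken, time());`. The enclosing method starts outside the hunk, so how `$user` is derived from `$uid` should be confirmed there.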
@@ -940,7 +940,7 @@ class OC_Util { | |||
// Check if a token exists | |||
if (!\OC::$server->getSession()->exists('requesttoken')) { | |||
// No valid token found, generate a new one. | |||
$requestToken = self::generateRandomBytes(20); | |||
$requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30); | |||
\OC::$server->getSession()->set('requesttoken', $requestToken); | |||
} else { | |||
// Valid token already exists, send it |
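Review bot: The request token length changes from 20 to 30 on the new generate() line, which the commit description does not mention, and it now differs from the 32 used for the login tokens in the other hunks. If 30 is deliberate, a short comment above the call would record why, e.g. `// 30 chars: CSRF request token, shorter than the 32-char login tokens on purpose`. Since the description says the new generator has a broader character set, it is also worth confirming that every place that writes requesttoken into a URL or HTML attribute encodes it for that context. The same four-call chain appears in all four hunks with only the length differing, so a small helper that takes the length would keep the choice of generator strength in one place. The enclosing function starts and ends outside the hunk.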