authorFabrizio Steiner <fabrizio.steiner@gmail.com>2017-05-07 23:10:02 +0200
committerFabrizio Steiner <fabrizio.steiner@gmail.com>2017-05-08 14:04:40 +0200
commitf2a2b34e4639e88f8d948a388a51f010212b42a3 (patch)
tree954643c654e79741bda826d9b29374f8fae0e5c9
parent59ee22101f228d9dec8c3930da0b12b0766a479a (diff)
downloadnextcloud-server-f2a2b34e4639e88f8d948a388a51f010212b42a3.tar.gz
nextcloud-server-f2a2b34e4639e88f8d948a388a51f010212b42a3.zip
Increase device password entropy. Use lower- and upper-case characters and digits, but exclude ambiguous characters. The password length has also been increased to 25 characters.
Signed-off-by: Fabrizio Steiner <fabrizio.steiner@gmail.com>
-rw-r--r--lib/public/Security/ISecureRandom.php7
-rw-r--r--settings/Controller/AuthSettingsController.php8
-rw-r--r--settings/css/settings.css2
-rw-r--r--tests/Settings/Controller/AuthSettingsControllerTest.php6
4 files changed, 15 insertions, 8 deletions
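--- a/lib/public/Security/ISecureRandom.php
+++ b/lib/public/Security/ISecureRandom.php
@@ -45,6 +45,13 @@ interface ISecureRandom {
 const CHAR_SYMBOLS = '!\"#$%&\\\'()* +,-./:;<=>?@[\]^_`{|}~';
 /**
+ * Characters that can be used for <code>generate($length, $characters)</code>, to
+ * generate human readable random strings. Lower- and upper-case characters and digits
+ * are included. Characters which are ambiguous are excluded, such as I, l, and 1 and so on.
+ */
+ const CHAR_HUMAN_READABLE = "abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789";
+
+ /**
 * Convenience method to get a low strength random number generator.
 *
 * Low Strength should be used anywhere that random strings are needed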
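Review bot: The docblock on CHAR_HUMAN_READABLE ends its exclusion list with "and so on", so a reader has to diff the string by hand to learn what is in it; lowercase `i` is kept while `I` is dropped, `L` is kept while `l` is dropped, and `h` is dropped while `H` is kept, and none of that is explained. Spell the alphabet out so the choice is reviewable and nobody re-adds a character by accident, e.g. replace the three descriptive sentences with `* 52 characters (a-z, A-Z and 2-9 minus the visually ambiguous 0, 1, I, O, l, U, V, u, v and h) for generate($length, $characters) when the result must be read or typed by a person; roughly 5.7 bits of entropy per character, provided generate() samples the alphabet uniformly.` Whether generate() does sample uniformly is not visible in this hunk and is worth confirming before the entropy figure is quoted anywhere. A single-quoted literal would also match CHAR_SYMBOLS on the line above, since nothing in the value needs interpolation.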
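--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -154,16 +154,16 @@ class AuthSettingsController extends Controller {
 }
 /**
- * Return a 20 digit device password
+ * Return a 25 digit device password
 *
- * Example: ABCDE-FGHIJ-KLMNO-PQRST
+ * Example: AbCdE-fGhIj-KlMnO-pQrSt-12345
 *
 * @return string
 */
 private function generateRandomDeviceToken() {
 $groups = [];
- for ($i = 0; $i < 4; $i++) {
- $groups[] = $this->random->generate(5, implode('', range('A', 'Z')));
+ for ($i = 0; $i < 5; $i++) {
+ $groups[] = $this->random->generate(5, ISecureRandom::CHAR_HUMAN_READABLE);
 }
 return implode('-', $groups);
 }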
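Review bot: The updated docblock still calls the result a "25 digit device password" although, as the new example on the line below shows, it is letters and digits, and the returned string is 29 characters long because of the four hyphens, which anything sizing a field or column for it needs to know. Suggest `* Return a device password of 5 groups of 5 human readable characters (25 characters, 29 with the separating hyphens)` in place of the first docblock line. The two literal 5s in the loop bound and the generate() call could be named class constants so the test expectation and the CSS width cannot drift from them silently.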
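--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -343,7 +343,7 @@ table.nostyle td { padding: 0.2em 0; }
 #new-app-login-name,
 #new-app-password {
- width: 186px;
+ width: 245px;
 font-family: monospace;
 background-color: lightyellow;
 }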
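Review bot: The new width of 245px is tied to the 29-character password (5 groups of 5 plus 4 hyphens) that AuthSettingsController now produces, but nothing here records that, so the next length change will leave the field clipped without any hint why. Add `width: 245px; /* fits the 29-character device password: 5x5 characters + 4 hyphens */`, or express the width in `ch` units so it follows the monospace font instead of a measured pixel count.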
diff --git a/tests/Settings/Controller/AuthSettingsControllerTest.php b/tests/Settings/Controller/AuthSettingsControllerTest.php
index 7f4277acd73..5c1280ff4b0 100644
--- a/tests/Settings/Controller/AuthSettingsControllerTest.php
+++ b/tests/Settings/Controller/AuthSettingsControllerTest.php
@@ -133,11 +133,11 @@ class AuthSettingsControllerTest extends TestCase {
->method('getLoginName')
->will($this->returnValue('User13'));
- $this->secureRandom->expects($this->exactly(4))
+ $this->secureRandom->expects($this->exactly(5))
->method('generate')
- ->with(5, implode('', range('A', 'Z')))
+ ->with(5, ISecureRandom::CHAR_HUMAN_READABLE)
->will($this->returnValue('XXXXX'));
- $newToken = 'XXXXX-XXXXX-XXXXX-XXXXX';
+ $newToken = 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX';
$this->tokenProvider->expects($this->once())
->method('generateToken')