diff options
author | Vincent Petry <vincent@nextcloud.com> | 2023-01-11 15:21:26 +0100 |
---|---|---|
committer | Vincent Petry <vincent@nextcloud.com> | 2023-01-16 14:35:08 +0100 |
commit | e9f7ea11bb85b599daec7a918764dc39c70e637c (patch) | |
tree | 88991c69dd26585b42c8442f2440958dc49e9cb4 /apps | |
parent | 60eac3fec589f69bbeed21e2b0108c2055afc0ca (diff) | |
download | nextcloud-server-e9f7ea11bb85b599daec7a918764dc39c70e637c.tar.gz nextcloud-server-e9f7ea11bb85b599daec7a918764dc39c70e637c.zip |
Improve password generation for link shares
Use web crypto when generating password for link shares
whenever the password policy app is disabled.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_sharing/src/utils/GeneratePassword.js | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/apps/files_sharing/src/utils/GeneratePassword.js b/apps/files_sharing/src/utils/GeneratePassword.js index 6da6076b937..63cc68983a1 100644 --- a/apps/files_sharing/src/utils/GeneratePassword.js +++ b/apps/files_sharing/src/utils/GeneratePassword.js @@ -25,6 +25,7 @@ import Config from '../services/ConfigService' import { showError, showSuccess } from '@nextcloud/dialogs' const config = new Config() +// note: some chars removed on purpose to make them human friendly when read out const passwordSet = 'abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789' /** @@ -49,10 +50,12 @@ export default async function() { } } - // generate password of 10 length based on passwordSet - return Array(10).fill(0) - .reduce((prev, curr) => { - prev += passwordSet.charAt(Math.floor(Math.random() * passwordSet.length)) - return prev - }, '') + const array = new Uint8Array(10) + const ratio = passwordSet.length / 255 + self.crypto.getRandomValues(array) + let password = '' + for (let i = 0; i < array.length; i++) { + password += passwordSet.charAt(array[i] * ratio) + } + return password } |