aboutsummaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorVincent Petry <vincent@nextcloud.com>2023-01-11 15:21:26 +0100
committerVincent Petry <vincent@nextcloud.com>2023-01-16 14:35:08 +0100
commite9f7ea11bb85b599daec7a918764dc39c70e637c (patch)
tree88991c69dd26585b42c8442f2440958dc49e9cb4 /apps
parent60eac3fec589f69bbeed21e2b0108c2055afc0ca (diff)
downloadnextcloud-server-e9f7ea11bb85b599daec7a918764dc39c70e637c.tar.gz
nextcloud-server-e9f7ea11bb85b599daec7a918764dc39c70e637c.zip
Improve password generation for link shares
Use web crypto when generating password for link shares whenever the password policy app is disabled. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'apps')
-rw-r--r--apps/files_sharing/src/utils/GeneratePassword.js15
1 files changed, 9 insertions, 6 deletions
diff --git a/apps/files_sharing/src/utils/GeneratePassword.js b/apps/files_sharing/src/utils/GeneratePassword.js
index 6da6076b937..63cc68983a1 100644
--- a/apps/files_sharing/src/utils/GeneratePassword.js
+++ b/apps/files_sharing/src/utils/GeneratePassword.js
@@ -25,6 +25,7 @@ import Config from '../services/ConfigService'
import { showError, showSuccess } from '@nextcloud/dialogs'
const config = new Config()
+// note: some chars removed on purpose to make them human friendly when read out
const passwordSet = 'abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789'
/**
@@ -49,10 +50,12 @@ export default async function() {
}
}
- // generate password of 10 length based on passwordSet
- return Array(10).fill(0)
- .reduce((prev, curr) => {
- prev += passwordSet.charAt(Math.floor(Math.random() * passwordSet.length))
- return prev
- }, '')
+ const array = new Uint8Array(10)
+ const ratio = passwordSet.length / 255
+ self.crypto.getRandomValues(array)
+ let password = ''
+ for (let i = 0; i < array.length; i++) {
+ password += passwordSet.charAt(array[i] * ratio)
+ }
+ return password
}