diff options
author | Lukas Reschke <lukas@owncloud.com> | 2014-09-03 17:46:48 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2014-09-03 17:46:48 +0200 |
commit | 63a90a129bedc9baedc2c801fd0744346400379c (patch) | |
tree | 081336db3a01a2f5dc9fa29c1daa3650a66662ca /lib | |
parent | 7d4317e9fbf1db4e2443344dfed1d25ecc6f1a9a (diff) | |
download | nextcloud-server-63a90a129bedc9baedc2c801fd0744346400379c.tar.gz nextcloud-server-63a90a129bedc9baedc2c801fd0744346400379c.zip |
Use proper RNG generator
OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 2 | ||||
-rw-r--r-- | lib/private/user.php | 2 | ||||
-rw-r--r-- | lib/private/user/session.php | 2 | ||||
-rwxr-xr-x | lib/private/util.php | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/lib/base.php b/lib/base.php index 1a99835040a..18331dd86aa 100644 --- a/lib/base.php +++ b/lib/base.php @@ -943,7 +943,7 @@ class OC { if (defined("DEBUG") && DEBUG) { OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); } - $token = OC_Util::generateRandomBytes(32); + $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32); OC_Preferences::setValue($userid, 'login_token', $token, time()); OC_User::setMagicInCookie($userid, $token); } else { diff --git a/lib/private/user.php b/lib/private/user.php index 509a7c71209..a79fc2ce834 100644 --- a/lib/private/user.php +++ b/lib/private/user.php @@ -428,7 +428,7 @@ class OC_User { * generates a password */ public static function generatePassword() { - return OC_Util::generateRandomBytes(30); + return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30); } /** diff --git a/lib/private/user/session.php b/lib/private/user/session.php index 11938db5076..5517e08a25d 100644 --- a/lib/private/user/session.php +++ b/lib/private/user/session.php @@ -234,7 +234,7 @@ class Session implements IUserSession, Emitter { } // replace successfully used token with a new one \OC_Preferences::deleteKey($uid, 'login_token', $currentToken); - $newToken = \OC_Util::generateRandomBytes(32); + $newToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32); \OC_Preferences::setValue($uid, 'login_token', $newToken, time()); $this->setMagicInCookie($user->getUID(), $newToken); diff --git a/lib/private/util.php b/lib/private/util.php index bc20b7bcd56..94508e502e4 100755 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -940,7 +940,7 @@ class OC_Util { // Check if a token exists if (!\OC::$server->getSession()->exists('requesttoken')) { // No valid token found, generate a new one. - $requestToken = self::generateRandomBytes(20); + $requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30); \OC::$server->getSession()->set('requesttoken', $requestToken); } else { // Valid token already exists, send it |