upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 08:44:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Create more secure passwords by default

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2022-08-12 10:03:19 +02:00
parent d275c93035
commit 33d7a9624c
No known key found for this signature in database
GPG key ID: C400AAF20C1BB6FC
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
lib/private/Setup/MySQL.php
View file

@ -141,6 +141,16 @@ class MySQL extends AbstractDatabase {
$rootUser = $this->dbUser;
$rootPassword = $this->dbPassword;
//create a random password so we don't need to store the admin password in the config file
$saveSymbols = str_replace(['\"', '\\', '\'', '`'], '', ISecureRandom::CHAR_SYMBOLS);
$password = $this->random->generate(22, ISecureRandom::CHAR_ALPHANUMERIC . $saveSymbols)
. $this->random->generate(2, ISecureRandom::CHAR_UPPER)
. $this->random->generate(2, ISecureRandom::CHAR_LOWER)
. $this->random->generate(2, ISecureRandom::CHAR_DIGITS)
. $this->random->generate(2, $saveSymbols)
;
$this->dbPassword = str_shuffle($password);
try {
//user already specified in config
$oldUser = $this->config->getValue('dbuser', false);
@ -163,10 +173,6 @@ class MySQL extends AbstractDatabase {
if (count($data) === 0) {
//use the admin login data for the new database user
$this->dbUser = $adminUser;
//create a random password so we don't need to store the admin password in the config file
$this->dbPassword = $this->random->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
$this->createDBUser($connection);
break;