upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Introduce ISecureRandom::CHAR_ALPHANUMERIC

Browse source 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
This commit is contained in:
J0WI 2021-07-07 17:52:46 +02:00
parent 040bc04287
commit 3b656446af
15 changed files with 17 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/dav/lib/CalDAV/Schedule/IMipPlugin.php
View file

@ -692,7 +692,7 @@ class IMipPlugin extends SabreIMipPlugin {
* @return string
*/
private function createInvitationToken(Message $iTipMessage, $lastOccurrence):string {
$token = $this->random->generate(60, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS);
$token = $this->random->generate(60, ISecureRandom::CHAR_ALPHANUMERIC);
/** @var VEvent $vevent */
$vevent = $iTipMessage->message->VEVENT;

2
apps/dav/lib/Controller/DirectController.php
View file

@ -104,7 +104,7 @@ class DirectController extends OCSController {
$direct->setUserId($this->userId);
$direct->setFileId($fileId);
$token = $this->random->generate(60, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS);
$token = $this->random->generate(60, ISecureRandom::CHAR_ALPHANUMERIC);
$direct->setToken($token);
$direct->setExpiration($this->timeFactory->getTime() + $expirationTime);

2
apps/dav/tests/unit/Controller/DirectControllerTest.php
View file

@ -131,7 +131,7 @@ class DirectControllerTest extends TestCase {
$this->random->method('generate')
->with(
60,
ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS
ISecureRandom::CHAR_ALPHANUMERIC
)->willReturn('superduperlongtoken');
$this->directMapper->expects($this->once())

2
apps/federatedfilesharing/lib/TokenHandler.php
View file

@ -52,7 +52,7 @@ class TokenHandler {
public function generateToken() {
$token = $this->secureRandom->generate(
self::TOKEN_LENGTH,
ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
ISecureRandom::CHAR_ALPHANUMERIC);
return $token;
}
}

2
apps/federatedfilesharing/tests/TokenHandlerTest.php
View file

@ -49,7 +49,7 @@ class TokenHandlerTest extends \Test\TestCase {
$this->secureRandom->expects($this->once())->method('generate')
->with(
$this->expectedTokenLength,
ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS
ISecureRandom::CHAR_ALPHANUMERIC
)
->willReturn('mytoken');

4
apps/oauth2/lib/Controller/OauthApiController.php
View file

@ -147,7 +147,7 @@ class OauthApiController extends Controller {
}
// Rotate the apptoken (so the old one becomes invalid basically)
$newToken = $this->secureRandom->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
$newToken = $this->secureRandom->generate(72, ISecureRandom::CHAR_ALPHANUMERIC);
$appToken = $this->tokenProvider->rotate(
$appToken,
@ -160,7 +160,7 @@ class OauthApiController extends Controller {
$this->tokenProvider->updateToken($appToken);
// Generate a new refresh token and encrypt the new apptoken in the DB
$newCode = $this->secureRandom->generate(128, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
$newCode = $this->secureRandom->generate(128, ISecureRandom::CHAR_ALPHANUMERIC);
$accessToken->setHashedCode(hash('sha512', $newCode));
$accessToken->setEncryptedToken($this->crypto->encrypt($newToken, $newCode));
$this->accessTokenMapper->update($accessToken);

4
apps/settings/lib/Mailer/NewUserMailHelper.php
View file

@ -104,9 +104,7 @@ class NewUserMailHelper {
if ($generatePasswordResetToken) {
$token = $this->secureRandom->generate(
21,
ISecureRandom::CHAR_DIGITS .
ISecureRandom::CHAR_LOWER .
ISecureRandom::CHAR_UPPER
ISecureRandom::CHAR_ALPHANUMERIC
);
$tokenValue = $this->timeFactory->getTime() . ':' . $token;
$mailAddress = (null !== $user->getEMailAddress()) ? $user->getEMailAddress() : '';

6
apps/settings/tests/Mailer/NewUserMailHelperTest.php
View file

@ -129,11 +129,7 @@ class NewUserMailHelperTest extends TestCase {
$this->secureRandom
->expects($this->once())
->method('generate')
->with(21,
ISecureRandom::CHAR_DIGITS .
ISecureRandom::CHAR_LOWER .
ISecureRandom::CHAR_UPPER
)
->with(21, ISecureRandom::CHAR_ALPHANUMERIC)
->willReturn('MySuperLongSecureRandomToken');
$this->timeFactory
->expects($this->once())

2
apps/sharebymail/lib/ShareByMailProvider.php
View file

@ -224,7 +224,7 @@ class ShareByMailProvider implements IShareProvider {
$password = $passwordEvent->getPassword();
if ($password === null) {
$password = $this->secureRandom->generate(8, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
$password = $this->secureRandom->generate(8, ISecureRandom::CHAR_HUMAN_READABLE);
}
return $password;

2
apps/sharebymail/tests/ShareByMailProviderTest.php
View file

@ -301,7 +301,7 @@ class ShareByMailProviderTest extends TestCase {
$this->secureRandom->expects($this->once())
->method('generate')
->with(8, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS)
->with(8, ISecureRandom::CHAR_HUMAN_READABLE)
->willReturn('autogeneratedPassword');
$this->eventDispatcher->expects($this->once())
->method('dispatchTyped')

2
lib/private/AppFramework/Http/Request.php
View file

@ -575,7 +575,7 @@ class Request implements \ArrayAccess, \Countable, IRequest {
}
if (empty($this->requestId)) {
$validChars = ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS;
$validChars = ISecureRandom::CHAR_ALPHANUMERIC;
$this->requestId = $this->secureRandom->generate(20, $validChars);
}

2
lib/private/Cache/File.php
View file

@ -108,7 +108,7 @@ class File implements ICache {
// unique id to avoid chunk collision, just in case
$uniqueId = \OC::$server->getSecureRandom()->generate(
16,
ISecureRandom::CHAR_DIGITS . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER
ISecureRandom::CHAR_ALPHANUMERIC
);
// use part file to prevent hasKey() to find the key

2
lib/private/Setup/MySQL.php
View file

@ -162,7 +162,7 @@ class MySQL extends AbstractDatabase {
$this->dbUser = $adminUser;
//create a random password so we don't need to store the admin password in the config file
$this->dbPassword = $this->random->generate(30, ISecureRandom::CHAR_DIGITS . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER);
$this->dbPassword = $this->random->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
$this->createDBUser($connection);

3
lib/private/Setup/PostgreSQL.php
View file

@ -31,6 +31,7 @@ namespace OC\Setup;
use OC\DatabaseException;
use OC\DB\Connection;
use OC\DB\QueryBuilder\Literal;
use OCP\Security\ISecureRandom;
class PostgreSQL extends AbstractDatabase {
public $dbprettyname = 'PostgreSQL';
@ -66,7 +67,7 @@ class PostgreSQL extends AbstractDatabase {
//add prefix to the postgresql user name to prevent collisions
$this->dbUser = 'oc_' . strtolower($username);
//create a new password so we don't need to store the admin config in the config file
$this->dbPassword = \OC::$server->getSecureRandom()->generate(30, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_DIGITS);
$this->dbPassword = \OC::$server->getSecureRandom()->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
$this->createDBUser($connection);
}

1
lib/public/Security/ISecureRandom.php
View file

@ -47,6 +47,7 @@ interface ISecureRandom {
public const CHAR_LOWER = 'abcdefghijklmnopqrstuvwxyz';
public const CHAR_DIGITS = '0123456789';
public const CHAR_SYMBOLS = '!\"#$%&\\\'()*+,-./:;<=>?@[\]^_`{|}~';
public const CHAR_ALPHANUMERIC = self::CHAR_UPPER . self::CHAR_LOWER . self::CHAR_DIGITS;
/**
* Characters that can be used for <code>generate($length, $characters)</code>, to