[FIX] Random generated password not matching the Password Policy (#18475

)
RocketChat · Aug 6, 2020 · 3ce8e65 · 3ce8e65
1 parent 37fe21f
commit 3ce8e65
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/app/lib/server/functions/saveUser.js b/app/lib/server/functions/saveUser.js
@@ -3,7 +3,6 @@ import { Accounts } from 'meteor/accounts-base';
 import _ from 'underscore';
 import s from 'underscore.string';
 import { Gravatar } from 'meteor/jparker:gravatar';
-import { Random } from 'meteor/random';
 
 import * as Mailer from '../../../mailer';
 import { getRoles, hasPermission } from '../../../authorization';
@@ -238,7 +237,7 @@ export const saveUser = function(userId, userData) {
 
 	if (userData.hasOwnProperty('setRandomPassword')) {
 		if (userData.setRandomPassword) {
-			userData.password = Random.id();
+			userData.password = passwordPolicy.generatePassword();
 			userData.requirePasswordChange = true;
 			sendPassword = true;
 		}

diff --git a/app/lib/server/lib/PasswordPolicyClass.js b/app/lib/server/lib/PasswordPolicyClass.js
@@ -1,4 +1,5 @@
 import { Meteor } from 'meteor/meteor';
+import { Random } from 'meteor/random';
 
 class PasswordPolicy {
 	constructor({
@@ -123,6 +124,24 @@ class PasswordPolicy {
 		}
 		return data;
 	}
+
+	generatePassword() {
+		if (this.enabled) {
+			for (let i = 0; i < 10; i++) {
+				const password = this._generatePassword();
+				if (this.validate(password)) {
+					return password;
+				}
+			}
+		}
+
+		return Random.id();
+	}
+
+	_generatePassword() {
+		const length = Math.min(Math.max(this.minLength, 12), this.maxLength > 0 ? this.maxLength : Number.MAX_SAFE_INTEGER);
+		return new Array(length).fill().map(() => String.fromCharCode(Math.random() * 86 + 40)).join('');
+	}
 }
 
 export default PasswordPolicy;