Use random bytes to generate access token (#21959)
wolfogre authored Nov 28, 2022
1 parent 9607750 commit f047ee0
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions models/auth/token.go
Expand Up @@ -6,16 +6,15 @@ package auth

import (
"crypto/subtle"
"encoding/hex"
"fmt"
"time"

"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/util"

gouuid "github.com/google/uuid"
lru "github.com/hashicorp/golang-lru"
)

Expand Down Expand Up @@ -100,8 +99,12 @@ func NewAccessToken(t *AccessToken) error {
if err != nil {
return err
}
token, err := util.CryptoRandomBytes(20)
if err != nil {
return err
}
t.TokenSalt = salt
t.Token = base.EncodeSha1(gouuid.New().String())
t.Token = hex.EncodeToString(token)
t.TokenHash = HashToken(t.Token, t.TokenSalt)
t.TokenLastEight = t.Token[len(t.Token)-8:]
_, err = db.GetEngine(db.DefaultContext).Insert(t)
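Review bot: The literal `20` in `util.CryptoRandomBytes(20)` is unexplained in NewAccessToken. It presumably keeps the token at 40 hex characters, the length the replaced `base.EncodeSha1(...)` call would have produced, so the `t.Token[len(t.Token)-8:]` slice and any length checks elsewhere keep working. A comment such as `// 20 random bytes -> 40 hex chars (160 bits); keeps the previous token length` or a named constant would record that intent. The function's body starts and ends outside the hunk, so whether other code depends on the token length cannot be confirmed from here.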
