Skip to content

Commit

Permalink
Improve password generation for link shares
Browse files Browse the repository at this point in the history 
Use web crypto when generating password for link shares
whenever the password policy app is disabled.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
  • Loading branch information
@PVince81 @backportbot-nextcloud
PVince81 authored and backportbot-nextcloud[bot] committed Jan 16, 2023
1 parent ff90735 commit f92ba84
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions apps/files_sharing/src/utils/GeneratePassword.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import axios from '@nextcloud/axios'
import Config from '../services/ConfigService'

const config = new Config()
// note: some chars removed on purpose to make them human friendly when read out
const passwordSet = 'abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789'

/**
Expand All @@ -46,10 +47,12 @@ export default async function() {
}
}

// generate password of 10 length based on passwordSet
return Array(10).fill(0)
.reduce((prev, curr) => {
prev += passwordSet.charAt(Math.floor(Math.random() * passwordSet.length))
return prev
}, '')
const array = new Uint8Array(10)
const ratio = passwordSet.length / 255
self.crypto.getRandomValues(array)
let password = ''
for (let i = 0; i < array.length; i++) {
password += passwordSet.charAt(array[i] * ratio)
}
return password
}

0 comments on commit f92ba84

Please sign in to comment.