Change PW generation to a secure method

This commit is contained in:
Finn Stutzenstein 2021-01-05 07:42:19 +01:00
parent ea277adf9e
commit 183c511046
No known key found for this signature in database
GPG Key ID: 9042F605C6324654
1 changed files with 3 additions and 1 deletions

View File

@ -181,9 +181,11 @@ export class UserRepositoryService extends BaseRepository<ViewUser, User, UserTi
*/
public getRandomPassword(length: number = 10): string {
let pw = '';
const array = new Uint8Array(length);
window.crypto.getRandomValues(array);
const characters = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
for (let i = 0; i < length; i++) {
pw += characters.charAt(Math.floor(Math.random() * characters.length));
pw += characters.charAt(array[i] % characters.length);
}
return pw;
}