Change PW generation to a secure method

This commit is contained in:
Finn Stutzenstein 2021-01-05 07:42:19 +01:00
parent ea277adf9e
commit 183c511046
No known key found for this signature in database
GPG Key ID: 9042F605C6324654

View File

@ -181,9 +181,11 @@ export class UserRepositoryService extends BaseRepository<ViewUser, User, UserTi
*/ */
public getRandomPassword(length: number = 10): string { public getRandomPassword(length: number = 10): string {
let pw = ''; let pw = '';
const array = new Uint8Array(length);
window.crypto.getRandomValues(array);
const characters = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'; const characters = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
for (let i = 0; i < length; i++) { for (let i = 0; i < length; i++) {
pw += characters.charAt(Math.floor(Math.random() * characters.length)); pw += characters.charAt(array[i] % characters.length);
} }
return pw; return pw;
} }