Merge pull request #5791 from FinnStutzenstein/pwGeneration

Change PW generation to a secure method
This commit is contained in:
Emanuel Schütze 2021-01-08 15:37:38 +01:00 committed by GitHub
commit 8542817129
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -181,9 +181,11 @@ export class UserRepositoryService extends BaseRepository<ViewUser, User, UserTi
*/ */
public getRandomPassword(length: number = 10): string { public getRandomPassword(length: number = 10): string {
let pw = ''; let pw = '';
const array = new Uint8Array(length);
window.crypto.getRandomValues(array);
const characters = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'; const characters = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
for (let i = 0; i < length; i++) { for (let i = 0; i < length; i++) {
pw += characters.charAt(Math.floor(Math.random() * characters.length)); pw += characters.charAt(array[i] % characters.length);
} }
return pw; return pw;
} }