Make generated passwords longer (#14362)

* Make generated passwords longer * Use crypto for generating passwords * Remove comments * Generate password with length 12
2024-08-12 21:37:59 +01:00 · 2024-08-12 21:37:59 +01:00 · 151fff51c5
parent d0f1dc2937
commit 151fff51c5
3 changed files with 28 additions and 4 deletions
--- a/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
@ -16,7 +16,7 @@

  export let showOnboardingTypeModal

-  const password = Math.random().toString(36).substring(2, 22)
+  const password = generatePassword(12)
  let disabled
  let userGroups = []

@ -44,7 +44,7 @@
      {
        email: "",
        role: "appUser",
-        password: Math.random().toString(36).substring(2, 22),
+        password: generatePassword(12),
        forceResetPassword: true,
        error: null,
      },
@ -69,6 +69,14 @@
    return userData[index].error == null
  }

+  function generatePassword(length) {
+    const array = new Uint8Array(length)
+    window.crypto.getRandomValues(array)
+    return Array.from(array, byte => byte.toString(36).padStart(2, "0"))
+      .join("")
+      .slice(0, length)
+  }
+
  const onConfirm = () => {
    let valid = true
    userData.forEach((input, index) => {
--- a/packages/builder/src/pages/builder/portal/users/users/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/index.svelte
@ -216,7 +216,7 @@
      const newUser = {
        email: email,
        role: usersRole,
-        password: Math.random().toString(36).substring(2, 22),
+        password: generatePassword(12),
        forceResetPassword: true,
      }

@ -288,6 +288,14 @@
    }
  }

+  const generatePassword = length => {
+    const array = new Uint8Array(length)
+    window.crypto.getRandomValues(array)
+    return Array.from(array, byte => byte.toString(36).padStart(2, "0"))
+      .join("")
+      .slice(0, length)
+  }
+
  onMount(async () => {
    try {
      await groups.actions.init()
--- a/packages/worker/src/api/controllers/global/users.ts
+++ b/packages/worker/src/api/controllers/global/users.ts
@ -41,6 +41,14 @@ import { BpmStatusKey, BpmStatusValue } from "@budibase/shared-core"

 const MAX_USERS_UPLOAD_LIMIT = 1000

+const generatePassword = (length: number) => {
+  const array = new Uint8Array(length)
+  crypto.getRandomValues(array)
+  return Array.from(array, byte => byte.toString(36).padStart(2, "0"))
+    .join("")
+    .slice(0, length)
+}
+
 export const save = async (ctx: UserCtx<User, SaveUserResponse>) => {
  try {
    const currentUserId = ctx.user?._id
@ -296,7 +304,7 @@ export const onboardUsers = async (

  let createdPasswords: Record<string, string> = {}
  const users: User[] = ctx.request.body.map(invite => {
-    let password = Math.random().toString(36).substring(2, 22)
+    const password = generatePassword(12)
    createdPasswords[invite.email] = password

    return {