From 151fff51c530684ce7d840660e0aa3efbb931d27 Mon Sep 17 00:00:00 2001
From: melohagan <101575380+melohagan@users.noreply.github.com>
Date: Mon, 12 Aug 2024 21:37:59 +0100
Subject: [PATCH] Make generated passwords longer (#14362)
* Make generated passwords longer
* Use crypto for generating passwords
* Remove comments
* Generate password with length 12
---
 .../users/users/_components/AddUserModal.svelte | 12 ++++++++++--
 .../pages/builder/portal/users/users/index.svelte | 10 +++++++++-
 packages/worker/src/api/controllers/global/users.ts | 10 +++++++++-
 3 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
index 5077239882..36709ae9c0 100644
--- a/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
@@ -16,7 +16,7 @@
 export let showOnboardingTypeModal
- const password = Math.random().toString(36).substring(2, 22)
+ const password = generatePassword(12)
 let disabled
 let userGroups = []
@@ -44,7 +44,7 @@
 {
 email: "",
 role: "appUser",
- password: Math.random().toString(36).substring(2, 22),
+ password: generatePassword(12),
 forceResetPassword: true,
 error: null,
 },
@@ -69,6 +69,14 @@
 return userData[index].error == null
 }
+ function generatePassword(length) {
+ const array = new Uint8Array(length)
+ window.crypto.getRandomValues(array)
+ return Array.from(array, byte => byte.toString(36).padStart(2, "0"))
+ .join("")
+ .slice(0, length)
+ }
+
 const onConfirm = () => {
 let valid = true
 userData.forEach((input, index) => {
diff --git a/packages/builder/src/pages/builder/portal/users/users/index.svelte b/packages/builder/src/pages/builder/portal/users/users/index.svelte
index 58da310104..01d23afa67 100644
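Review bot: Half of the characters in every generated password carry very little randomness: in `generatePassword` (hunk `@@ -69,6 +69,14 @@`), `byte.toString(36).padStart(2, "0")` turns each byte into a two-character pair whose first character is always a digit from 0 to 7, and `.slice(0, length)` then keeps only the first six of the twelve bytes drawn. A 12-character password therefore holds 48 bits of entropy, not the roughly 62 bits that twelve uniformly chosen base-36 characters would give. Mapping each accepted byte to one character of a 36-symbol alphabet, and redrawing the bytes that would bias the modulo, closes that gap. The same body is repeated in `index.svelte` and in `packages/worker/src/api/controllers/global/users.ts`, so the change applies to all three copies, which would be easier to audit as one shared helper.

```svelte
  function generatePassword(length) {
    const alphabet = "0123456789abcdefghijklmnopqrstuvwxyz"
    // Largest multiple of the alphabet size that fits in a byte; bytes at or
    // above it are redrawn so that `byte % alphabet.length` stays uniform.
    const limit = 256 - (256 % alphabet.length)
    let password = ""
    while (password.length < length) {
      const bytes = window.crypto.getRandomValues(new Uint8Array(length))
      for (const byte of bytes) {
        if (byte < limit && password.length < length) {
          password += alphabet[byte % alphabet.length]
        }
      }
    }
    return password
  }
```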
--- a/packages/builder/src/pages/builder/portal/users/users/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/index.svelte
@@ -216,7 +216,7 @@
 const newUser = {
 email: email,
 role: usersRole,
- password: Math.random().toString(36).substring(2, 22),
+ password: generatePassword(12),
 forceResetPassword: true,
 }
@@ -288,6 +288,14 @@
 }
 }
+ const generatePassword = length => {
+ const array = new Uint8Array(length)
+ window.crypto.getRandomValues(array)
+ return Array.from(array, byte => byte.toString(36).padStart(2, "0"))
+ .join("")
+ .slice(0, length)
+ }
+
 onMount(async () => {
 try {
 await groups.actions.init()
diff --git a/packages/worker/src/api/controllers/global/users.ts b/packages/worker/src/api/controllers/global/users.ts
index 273eec279c..b039376d9b 100644
--- a/packages/worker/src/api/controllers/global/users.ts
+++ b/packages/worker/src/api/controllers/global/users.ts
@@ -41,6 +41,14 @@ import { BpmStatusKey, BpmStatusValue } from "@budibase/shared-core"
 const MAX_USERS_UPLOAD_LIMIT = 1000
+const generatePassword = (length: number) => {
+ const array = new Uint8Array(length)
+ crypto.getRandomValues(array)
+ return Array.from(array, byte => byte.toString(36).padStart(2, "0"))
+ .join("")
+ .slice(0, length)
+}
+
 export const save = async (ctx: UserCtx) => {
 try {
 const currentUserId = ctx.user?._id
@@ -296,7 +304,7 @@ export const onboardUsers = async (
 let createdPasswords: Record = {}
 const users: User[] = ctx.request.body.map(invite => {
- let password = Math.random().toString(36).substring(2, 22)
+ const password = generatePassword(12)
 createdPasswords[invite.email] = password
 return {
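Review bot: The worker-side `generatePassword` added in the `@@ -41,6 +41,14 @@` hunk of `users.ts` calls `crypto.getRandomValues` on a bare `crypto` identifier. Most of the file's import block lies outside the hunk, so it is not visible whether that name is imported or taken from the runtime global. If it is the global Web Crypto object, the call depends on the Node.js release the worker runs on, because older releases expose that global only behind a flag; an explicit `import { webcrypto as crypto } from "node:crypto"` makes the source of randomness unambiguous. I would also spell out the return type, `const generatePassword = (length: number): string => {`, and add a one-line comment such as `// Temporary password for a newly created user; must come from a CSPRNG, never Math.random()`.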