Update random id generation algorithm

author r <r@freesoftwareextremist.com>

Sun, 26 Jan 2020 07:45:02 +0000 (07:45 +0000)

committer r <r@freesoftwareextremist.com>

Sun, 26 Jan 2020 07:45:34 +0000 (07:45 +0000)
author r <r@freesoftwareextremist.com>
Sun, 26 Jan 2020 07:45:02 +0000 (07:45 +0000)
committer r <r@freesoftwareextremist.com>
Sun, 26 Jan 2020 07:45:34 +0000 (07:45 +0000)
diff --git a/migrations/csrfToken/main.go b/migrations/csrfToken/main.go

index fcd49f2272c18c477108a8a5f9a5e5e1219f43ac..f2326df2a0d202584423a51a46f764eacbcde2f8 100644 (file)
--- a/migrations/csrfToken/main.go
+++ b/migrations/csrfToken/main.go
@@ -69,7 +69,10 @@ func main() {
                 if err != nil {
                         log.Fatal(err)
                 }
                 if err != nil {
                         log.Fatal(err)
                 }
-               s.CSRFToken = util.NewCSRFToken()
+               s.CSRFToken, err = util.NewCSRFToken()
+               if err != nil {
+                       log.Fatal(err)
+               }
                 err = sessionRepo.Add(s)
                 if err != nil {
                         log.Fatal(err)
                 err = sessionRepo.Add(s)
                 if err != nil {
                         log.Fatal(err)
diff --git a/service/service.go b/service/service.go

index db851f77d601956ed46fc3acdb6d1cd9017431ff..c9fccb4c9835b3da9f3abc3432abd3193ba5f1fc 100644 (file)
--- a/service/service.go
+++ b/service/service.go
@@ -106,8 +106,14 @@ func (svc *service) GetAuthUrl(ctx context.Context, instance string) (
                 instanceURL = "https://" + instance
         }
  
                 instanceURL = "https://" + instance
         }
  
-       sessionID = util.NewSessionId()
-       csrfToken := util.NewCSRFToken()
+       sessionID, err = util.NewSessionId()
+       if err != nil {
+               return
+       }
+       csrfToken, err := util.NewCSRFToken()
+       if err != nil {
+               return
+       }
         session := model.Session{
                 ID:             sessionID,
                 InstanceDomain: instance,
         session := model.Session{
                 ID:             sessionID,
                 InstanceDomain: instance,
diff --git a/util/rand.go b/util/rand.go

index 212d6d33f63b477089bf8443da9cd53e65995179..ffe97a0da158d5149ffb9a109a0e92af3508c643 100644 (file)
--- a/util/rand.go
+++ b/util/rand.go
@@ -1,7 +1,8 @@
  package util
  
  import (
  package util
  
  import (
-       "math/rand"
+       "crypto/rand"
+       "math/big"
  )
  
  var (
  )
  
  var (
@@ -9,18 +10,22 @@ var (
         runes_length = len(runes)
  )
  
         runes_length = len(runes)
  )
  
-func NewRandId(n int) string {
+func NewRandId(n int) (string, error) {
         data := make([]rune, n)
         for i := range data {
         data := make([]rune, n)
         for i := range data {
-               data[i] = runes[rand.Intn(runes_length)]
+               num, err := rand.Int(rand.Reader, big.NewInt(int64(runes_length)))
+               if err != nil {
+                       return "", err
+               }
+               data[i] = runes[num.Int64()]
         }
         }
-       return string(data)
+       return string(data), nil
  }
  
  }
  
-func NewSessionId() string {
+func NewSessionId() (string, error) {
         return NewRandId(24)
  }
  
         return NewRandId(24)
  }
  
-func NewCSRFToken() string {
+func NewCSRFToken() (string, error) {
         return NewRandId(24)
  }
         return NewRandId(24)
  }
author	r <r@freesoftwareextremist.com>
	Sun, 26 Jan 2020 07:45:02 +0000 (07:45 +0000)
committer	r <r@freesoftwareextremist.com>
	Sun, 26 Jan 2020 07:45:34 +0000 (07:45 +0000)
migrations/csrfToken/main.go		patch \| blob \| history
service/service.go		patch \| blob \| history
util/rand.go		patch \| blob \| history