diff --git a/pkg/migration/20190511202210.go b/pkg/migration/20190511202210.go
index 839217128..8e1157a57 100644
--- a/pkg/migration/20190511202210.go
+++ b/pkg/migration/20190511202210.go
@@ -17,7 +17,11 @@
 package migration
 import (
+ "strconv"
+
+ "code.vikunja.io/api/pkg/log"
 "code.vikunja.io/api/pkg/utils"
+
 "src.techknowlogick.com/xormigrate"
 "xorm.io/xorm"
 )
@@ -68,7 +72,12 @@ func init() {
 }
 for _, t := range allTasks {
- t.UID = utils.MakeRandomString(40)
+ var err error
+ t.UID, err = utils.CryptoRandomString(40)
+ if err != nil {
+ log.Errorf("Migration 20190511202210: Could not generate random string: %s", err)
+ t.UID = "migration-error-uid-" + strconv.FormatInt(t.ID, 10)
+ }
 _, err = tx.Where("id = ?", t.ID).Cols("uid").Update(t)
 if err != nil {
 return err
diff --git a/pkg/models/link_sharing.go b/pkg/models/link_sharing.go
index ce47b0c21..dd3885892 100644
--- a/pkg/models/link_sharing.go
+++ b/pkg/models/link_sharing.go
@@ -142,7 +142,11 @@ func (share *LinkSharing) Create(s *xorm.Session, a web.Auth) (err error) {
 }
 share.SharedByID = a.GetID()
- share.Hash = utils.MakeRandomString(40)
+ hash, err := utils.CryptoRandomString(40)
+ if err != nil {
+ return err
+ }
+ share.Hash = hash
 if share.Password != "" {
 share.SharingType = SharingTypeWithPassword
diff --git a/pkg/models/project_duplicate.go b/pkg/models/project_duplicate.go
index 350248013..f05c0756a 100644
--- a/pkg/models/project_duplicate.go
+++ b/pkg/models/project_duplicate.go
@@ -153,7 +153,11 @@ func (pd *ProjectDuplicate) Create(s *xorm.Session, doer web.Auth) (err error) {
 for _, share := range linkShares {
 share.ID = 0
 share.ProjectID = pd.Project.ID
- share.Hash = utils.MakeRandomString(40)
+ hash, err := utils.CryptoRandomString(40)
+ if err != nil {
+ return err
+ }
+ share.Hash = hash
 if _, err := s.Insert(share); err != nil {
 return err
 }
diff --git a/pkg/modules/migration/todoist/todoist.go b/pkg/modules/migration/todoist/todoist.go
index ff1b96351..a9b17b131 100644
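Review bot: In pkg/migration/20190511202210.go the added error branch logs the random-source failure and then stores `"migration-error-uid-" + strconv.FormatInt(t.ID, 10)`, so the migration reports success while leaving placeholder values in the `uid` column. The enclosing function already returns the error from the `Update` call just below, so returning here as well (`if err != nil { return err }`) would keep a failed random source from being papered over. The new `var err error` also looks redundant: the unchanged `_, err = tx.Where(...)` line assigns with `=`, which suggests `err` is already declared in an outer scope that this declaration now shadows. The body of `init()` starts and ends outside the hunk, so both points should be confirmed against the full function.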
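Review bot: In `ProjectDuplicate.Create` (pkg/models/project_duplicate.go) the added `hash, err := utils.CryptoRandomString(40)` sits inside the `for` loop, so `:=` declares a new `err` that shadows the named result `err`; the same temporary variable appears in `LinkSharing.Create` (pkg/models/link_sharing.go). Nothing breaks because both branches `return err` explicitly, but assigning straight to the field avoids the shadow and the extra variable: `share.Hash, err = utils.CryptoRandomString(40)` followed by the existing `if err != nil { return err }`. A short comment such as `// Hash must come from the CSPRNG; never fall back to a predictable value` would also record why the error is propagated here rather than handled. Both functions extend beyond their hunks.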
--- a/pkg/modules/migration/todoist/todoist.go
+++ b/pkg/modules/migration/todoist/todoist.go
@@ -218,10 +218,14 @@ func (m *Migration) Name() string {
 // @Failure 500 {object} models.Message "Internal server error"
 // @Router /migration/todoist/auth [get]
 func (m *Migration) AuthURL() string {
+ state, err := utils.CryptoRandomString(32)
+ if err != nil {
+ state = "todoist-migration"
+ }
 return "https://todoist.com/oauth/authorize" +
 "?client_id=" + config.MigrationTodoistClientID.GetString() +
 "&scope=data:read" +
- "&state=" + utils.MakeRandomString(32)
+ "&state=" + state
 }
 func parseDate(dateString string) (date time.Time, err error) {
diff --git a/pkg/notifications/mail_render.go b/pkg/notifications/mail_render.go
index 3cacee3a1..b604651e4 100644
--- a/pkg/notifications/mail_render.go
+++ b/pkg/notifications/mail_render.go
@@ -146,7 +146,11 @@ func RenderMail(m *Mail, lang string) (mailOpts *mail.Opts, err error) {
 return nil, err
 }
- boundary := "np" + utils.MakeRandomString(13)
+ boundaryStr, err := utils.CryptoRandomString(13)
+ if err != nil {
+ return nil, err
+ }
+ boundary := "np" + boundaryStr
 data := make(map[string]interface{})
diff --git a/pkg/user/token.go b/pkg/user/token.go
index 85915640c..8b995ae6a 100644
--- a/pkg/user/token.go
+++ b/pkg/user/token.go
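Review bot: When `utils.CryptoRandomString(32)` fails in `AuthURL`, the added branch silently substitutes the constant `"todoist-migration"` for the OAuth `state` parameter, which makes the value identical for every request and discards the error. `state` exists so the callback can be tied to the request that started it, and a fixed string that is visible in the source cannot serve that purpose. Because the signature only returns a string, the least invasive improvement is to log the failure next to the fallback, e.g. `log.Errorf("Todoist migration: could not generate OAuth state: %s", err)` (this needs the project's `log` package imported in this file), and to add a comment that the fallback disables the state check. The hunk also does not show the generated value being stored anywhere for comparison on the callback; that is worth confirming in the rest of the file.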
@@ -54,23 +54,33 @@ func (t *Token) TableName() string {
 return "user_tokens"
 }
-func genToken(u *User, kind TokenKind) *Token {
+func genToken(u *User, kind TokenKind) (*Token, error) {
+ tokenStr, err := utils.CryptoRandomString(tokenSize)
+ if err != nil {
+ return nil, err
+ }
 return &Token{
 UserID: u.ID,
 Kind: kind,
- Token: utils.MakeRandomString(tokenSize),
- }
+ Token: tokenStr,
+ }, nil
 }
 func generateToken(s *xorm.Session, u *User, kind TokenKind) (token *Token, err error) {
- token = genToken(u, kind)
+ token, err = genToken(u, kind)
+ if err != nil {
+ return nil, err
+ }
 _, err = s.Insert(token)
 return
 }
 func generateHashedToken(s *xorm.Session, u *User, kind TokenKind) (token *Token, err error) {
- token = genToken(u, kind)
+ token, err = genToken(u, kind)
+ if err != nil {
+ return nil, err
+ }
 token.ClearTextToken = token.Token
 token.Token, err = HashPassword(token.ClearTextToken)
 if err != nil {
diff --git a/pkg/utils/random.go b/pkg/utils/random.go
index e2304650b..547e07f32 100644
--- a/pkg/utils/random.go
+++ b/pkg/utils/random.go
@@ -17,23 +17,10 @@
 package utils
 import (
- "code.vikunja.io/api/pkg/log"
-
 "crypto/rand"
 "math/big"
 )
-// MakeRandomString return a random string
-// Deprecated: use CryptoRandomString instead
-func MakeRandomString(n int) string {
- str, err := CryptoRandomString(int64(n))
- if err != nil {
- log.Errorf("Could not generate random string: %s", err)
- }
-
- return str
-}
-
 // CryptoRandomInt returns a crypto random integer between 0 and limit, inclusive
 // Copied from https://github.com/go-gitea/gitea/blob/main/modules/util/util.go#L121-L127
 func CryptoRandomInt(limit int64) (int64, error) {
diff --git a/pkg/utils/random_test.go b/pkg/utils/random_test.go
index 461ac557c..a2f400867 100644
--- a/pkg/utils/random_test.go
+++ b/pkg/utils/random_test.go
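Review bot: `genToken` in pkg/user/token.go changes its contract in this hunk, from always returning a token to returning `(*Token, error)`, but it still has no doc comment saying so. Something like `// genToken builds an unsaved Token of the given kind for u; the value comes from utils.CryptoRandomString, and an error is returned instead of a token when the random source fails.` would make the failure behaviour explicit for the two callers. In `generateToken`, the unchanged bare `return` after `s.Insert(token)` still hands back a non-nil token together with an insert error, unlike the new `return nil, err` branches; adding `if err != nil { return nil, err }` after the insert would make the paths consistent. `generateHashedToken` continues past the end of the hunk.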
@@ -20,10 +20,12 @@ import (
 "testing"
 "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
 )
-func TestMakeRandomString(t *testing.T) {
- rand := MakeRandomString(32)
+func TestCryptoRandomString(t *testing.T) {
+ rand, err := CryptoRandomString(32)
+ require.NoError(t, err)
 assert.NotEqual(t, "loremipsuim", rand)
 assert.Len(t, rand, 32)
 }
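Review bot: `TestCryptoRandomString` keeps `assert.NotEqual(t, "loremipsuim", rand)`, which can never fail for a 32-character result, so the test effectively checks only the length. Generating a second value and comparing the two would at least catch a constant or empty output: `other, err := CryptoRandomString(32)`, `require.NoError(t, err)`, `assert.NotEqual(t, rand, other)`. The local name `rand` also reads like the `crypto/rand` or `math/rand` package; `str` would be clearer.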