Use SecureRandom to generate access tokens.
scala.util.Random uses java.util.Random, which only provides 64 bits of randomness.
1 parent ecc50cd commit 72d07422a4f9e8e684372c8734c40b448a55a091
@Scf37 Scf37 authored on 17 May 2018
Showing 1 changed file
10
src/main/scala/gitbucket/core/service/AccessTokenService.scala
import gitbucket.core.model.Profile.profile.blockingApi._
import gitbucket.core.model.{AccessToken, Account}
import gitbucket.core.util.StringUtil
 
import scala.util.Random
import java.security.SecureRandom
 
trait AccessTokenService {
 
def makeAccessTokenString: String = {
val bytes = new Array[Byte](20)
Random.nextBytes(bytes)
AccessTokenService.secureRandom.nextBytes(bytes)
bytes.map("%02x".format(_)).mkString
}
 
def tokenToHash(token: String): String = StringUtil.sha1(token)
AccessTokens filter (t => t.userName === userName.bind && t.accessTokenId === accessTokenId) delete
 
}
 
object AccessTokenService extends AccessTokenService
object AccessTokenService extends AccessTokenService {
private val secureRandom = new SecureRandom()
}
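Review bot: `private val secureRandom = new SecureRandom()` in the companion object has no comment recording why a CSPRNG is required, so a later cleanup could swap it back to `scala.util.Random` without anyone noticing the security impact. I would put `// Access tokens are bearer credentials; generate them only from a CSPRNG, never scala.util.Random.` above it and give the field an explicit type, `private val secureRandom: SecureRandom = new SecureRandom()`. The page has lost its +/- markers, so I am assuming `Random.nextBytes(bytes)` and `import scala.util.Random` are the removed lines; if the import is still present it should go, so the weak generator is not left in scope. Tokens issued before this change were presumably produced by the old generator and stay valid, so expiring or regenerating them is worth considering as a follow-up.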