From 2b1965c9416c04a22e6cc7e7d5d72236d48e2be1 Mon Sep 17 00:00:00 2001 From: Pascal Fischer Date: Wed, 8 Mar 2023 11:36:03 +0100 Subject: [PATCH] switch secret generation to use lib --- management/server/personal_access_token.go | 30 ++++++++----------- .../server/personal_access_token_test.go | 6 ++-- 2 files changed, 16 insertions(+), 20 deletions(-) diff --git a/management/server/personal_access_token.go b/management/server/personal_access_token.go index e4be53a2c..d15bad079 100644 --- a/management/server/personal_access_token.go +++ b/management/server/personal_access_token.go @@ -4,10 +4,10 @@ import ( "crypto/sha256" "fmt" "hash/crc32" - "math/rand" "time" "codeberg.org/ac/base62" + b "github.com/hashicorp/go-secure-stdlib/base62" "github.com/rs/xid" ) @@ -25,8 +25,11 @@ type PersonalAccessToken struct { // CreateNewPAT will generate a new PersonalAccessToken that can be assigned to a User. // Additionally, it will return the token in plain text once, to give to the user and only save a hashed version -func CreateNewPAT(description string, expirationInDays int, createdBy string) (*PersonalAccessToken, string) { - hashedToken, plainToken := generateNewToken() +func CreateNewPAT(description string, expirationInDays int, createdBy string) (*PersonalAccessToken, string, error) { + hashedToken, plainToken, err := generateNewToken() + if err != nil { + return nil, "", err + } currentTime := time.Now().UTC() return &PersonalAccessToken{ ID: xid.New().String(), 
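Review bot: The new import is aliased to the single letter `b`, which reads like a local variable (the deleted randStringRunes used `b` for its rune buffer) and gives no hint that it is a second base62 package next to the unaliased `codeberg.org/ac/base62`; `secret, err := b.Random(30)` in the generateNewToken hunk of the same file is its only use. A descriptive alias such as `secure62 "github.com/hashicorp/go-secure-stdlib/base62"` would say which package supplies the random secret and which one encodes the checksum. Since moving off math/rand is the point of the commit, the call site would also benefit from a one-line comment recording why this package is used, e.g. `// secure62.Random is backed by a cryptographic random source (unlike the removed math/rand helper)`, hedged as far as I can tell from the library rather than from this diff.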
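Review bot: The doc comment above CreateNewPAT still describes a two-value return, while the signature now returns `(*PersonalAccessToken, string, error)` and the new branch returns `nil, "", err`. Extend the comment with a line such as `// It returns a non-nil error, with a nil token and empty plain text, when the random secret cannot be generated.` so callers know to check the error before touching the token. CreateNewPAT's return literal continues past the end of this hunk into the next one.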
@@ -36,26 +39,19 @@ func CreateNewPAT(description string, expirationInDays int, createdBy string) (* CreatedBy: createdBy, CreatedAt: currentTime, LastUsed: currentTime, - }, plainToken + }, plainToken, nil } -func generateNewToken() (string, string) { - secret := randStringRunes(30) +func generateNewToken() (string, string, error) { + secret, err := b.Random(30) + if err != nil { + return "", "", err + } checksum := crc32.ChecksumIEEE([]byte(secret)) encodedChecksum := base62.Encode(checksum) paddedChecksum := fmt.Sprintf("%06s", encodedChecksum) plainToken := "nbp_" + secret + paddedChecksum hashedToken := sha256.Sum256([]byte(plainToken)) - return string(hashedToken[:]), plainToken -} - -var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") - -func randStringRunes(n int) string { - b := make([]rune, n) - for i := range b { - b[i] = letterRunes[rand.Intn(len(letterRunes))] - } - return string(b) + return string(hashedToken[:]), plainToken, nil } diff --git a/management/server/personal_access_token_test.go b/management/server/personal_access_token_test.go index 712de1f72..cba321749 100644 --- a/management/server/personal_access_token_test.go +++ b/management/server/personal_access_token_test.go @@ -11,19 +11,19 @@ import ( ) func TestPAT_GenerateToken_Hashing(t *testing.T) { - hashedToken, plainToken := generateNewToken() + hashedToken, plainToken, _ := generateNewToken() expectedToken := sha256.Sum256([]byte(plainToken)) assert.Equal(t, hashedToken, string(expectedToken[:])) } func TestPAT_GenerateToken_Prefix(t *testing.T) { - _, plainToken := generateNewToken() + _, plainToken, _ := generateNewToken() fourCharPrefix := plainToken[:4] assert.Equal(t, "nbp_", fourCharPrefix) } func TestPAT_GenerateToken_Checksum(t *testing.T) { - _, plainToken := generateNewToken() + _, plainToken, _ := generateNewToken() tokenWithoutPrefix := strings.Split(plainToken, "_")[1] if len(tokenWithoutPrefix) != 36 { t.Fatal("Token has wrong length")
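Review bot: generateNewToken now has three return values but no comment describing what it produces, and its layout is exactly what the tests in personal_access_token_test.go pin (the `nbp_` prefix, a 36-character body, the sha256 digest). A header comment along the lines of `// generateNewToken returns the sha256 digest (as a raw byte string) of a freshly generated plain token, together with the plain token itself: "nbp_" followed by a 30-character random base62 secret and a 6-wide base62 CRC32 checksum of that secret.` would make the format and the coupling to the tests explicit. The literal `30` in `b.Random(30)` is also the number the checksum test's `36` depends on, so a named constant such as `const patSecretLength = 30` used at the call site would keep the two in step.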
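Review bot: All three updated calls discard the new error with `_`, so a failure in secret generation yields empty strings and the tests fail later with an unrelated message (the prefix test would panic on `plainToken[:4]` for an empty string, the checksum test on `strings.Split(plainToken, "_")[1]`) instead of reporting the cause. Assign and check it in each test, e.g. `hashedToken, plainToken, err := generateNewToken()` followed by `assert.NoError(t, err)`, and likewise in the prefix and checksum tests. TestPAT_GenerateToken_Checksum continues past the end of this hunk.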