Skip to content

Commit

Permalink
user random string (#759)
Browse files Browse the repository at this point in the history
* user random string

* Fix auth_key encryption to prevent null character errors (#759)
  • Loading branch information
nadar authored Apr 23, 2024
1 parent cff5830 commit b324a82
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 3 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@
All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/).
In order to read more about upgrading and BC breaks have a look at the [UPGRADE Document](UPGRADE.md).

## 5.0.3 ()

+ [#759](https://github.com/luyadev/luya-module-admin/pull/759) Prevent `Bcrypt password must not contain null character` errors by using generateRandomString for auth_key encryption.

## 5.0.2 (28. March 2024)

+ [#758](https://github.com/luyadev/luya-module-admin/pull/758) Enhanced the functionality to reorganize folders within the folder hierarchy, allowing for movement to the root or placement into a different subfolder.
Expand Down
8 changes: 5 additions & 3 deletions src/models/User.php
Original file line number Diff line number Diff line change
Expand Up @@ -589,14 +589,16 @@ public function getId()
*/
public function getAuthKey()
{
// find user agent, if empty disable auto login
$userAgent = Yii::$app->request->userAgent;

// no user agent, dissable auto login
if (empty($userAgent)) {
return false;
}

$checksum = UserDevice::generateUserAgentChecksum($userAgent);
if (empty($checksum)) {
return false;
}

$model = UserDevice::find()->where(['user_id' => $this->id, 'user_agent_checksum' => $checksum])->one();

Expand All @@ -610,7 +612,7 @@ public function getAuthKey()
$model->user_id = $this->id;
$model->user_agent = $userAgent;
$model->user_agent_checksum = $checksum;
$model->auth_key = Yii::$app->security->generatePasswordHash(Yii::$app->security->generateRandomKey() . $checksum);
$model->auth_key = Yii::$app->security->generatePasswordHash(Yii::$app->security->generateRandomString() . $checksum);

if ($model->save()) {
return $model->auth_key;
Expand Down

0 comments on commit b324a82

Please sign in to comment.